注册
登录
安全配置管理
Spring Boot +安全+多HTTP Web配置
返回
Spring Boot +安全+多HTTP Web配置
作者:
誓言你好
发布时间:
2025-01-01 03:42:46 (1月前)
转自:
<div class =“excerpt”> <span class =“result-highlight”> 安全 </跨度> <span class =“result-highlight”> 组态 </跨度> 但它不起作用。 我按照这个链接http://docs.spring.io/spring- <span class =“result-highlight”> 安全 </跨度> /site/docs/3.2.x/reference/htmlsingle/#multiple-httpsecurity但没有成功。而且,我正在尝试使用带弹簧的弹簧靴做一个例子 <span class =“result-highlight”> 安全 </跨度> 。我的想法是创建一个Web应用程序,并提供一个API,我想两者都有 <span class =“result-highlight”> 安全 </跨度> ;所以我需要创建一个多http网络 </DIV>
收藏
举报
4 条回复
0#
回复此人
仙风道骨刘憨憨
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <P> 我发现我可以用我的课程注释来解决这个问题 <code> @EnableWebSecurity </code> 看完这个提示后: <a href="https://github.com/spring-projects/spring-data-examples/issues/189#issuecomment-229552207" rel="nofollow noreferrer"> https://github.com/spring-projects/spring-data-examples/issues/189#issuecomment-229552207 </A> </p> </DIV>
编辑
1#
回复此人
無口君
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <P> 我也遇到了同样的问题。但是我在解决这个问题时解决了 的<strong> 从WebSecurityConfigurerAdapter扩展WebSecurityConfiguration主类。 </强> </p> <P> 请参考以下stackoverflow帖子,您可以在其中找到完整配置。 </p> <P> <a href="https://stackoverflow.com/questions/27774742/spring-security-http-basic-for-restful-and-formlogin-for-web-annotations/27833237#27833237"> 用于RESTFul的Spring Security HTTP Basic和用于web的FormLogin - 注释 </A> </p> </DIV>
编辑
2#
回复此人
无思
|
2019-08-31 10-32
<div class =“post-text”itemprop =“text”> <P> 经过大量阅读后,我发现了一些对我有用的东西: </p> <pre> <code> @Configuration @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) @EnableGlobalMethodSecurity(securedEnabled = true) public class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter { @Resource(name = "customUserDetailsService") protected CustomUserDetailsService customUserDetailsService; @Resource private DataSource dataSource; @Autowired protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(customUserDetailsService); } @Configuration @Order(1) public static class ApiConfigurationAdapter extends WebSecurityConfigurerAdapter { @Resource(name = "restUnauthorizedEntryPoint") private RestUnauthorizedEntryPoint restUnauthorizedEntryPoint; @Resource(name = "restAccessDeniedHandler") private RestAccessDeniedHandler restAccessDeniedHandler; @Override protected void configure(HttpSecurity http) throws Exception { SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> securityXAuthConfigurerAdapter = new XAuthTokenConfigurer( userDetailsServiceBean()); // @formatter:off http .antMatcher("/api/**").csrf().disable() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .exceptionHandling() .authenticationEntryPoint(restUnauthorizedEntryPoint) .accessDeniedHandler(restAccessDeniedHandler) .and() .authorizeRequests() .antMatchers(HttpMethod.POST, "/api/authenticate").permitAll() .anyRequest().hasRole("ADMIN") .and() .apply(securityXAuthConfigurerAdapter); // @formatter:on } } @Configuration @Order(2) public static class WebConfigurationAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .antMatchers("/", "/home").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login").permitAll() .and() .logout().permitAll() ; // @formatter:on } } } </code> </pre> </DIV>
编辑
登录
后才能参与评论
