我正在使用spring security 3.1.0,我有两个http块。一个用于REST Web服务层,我只想调用我的userManager身份验证提供程序,而不是两个身份验证提供程序。有没有办法将http块指向一个特定的auth提供者?
<http pattern="/services/**" create-session="stateless">
<intercept-url pattern="/**" access="ROLE_USER" />
<http-basic />
</http>
<http access-denied-page="/auth/denied.html">
<form-login
login-processing-url="/j_spring_security_check.html"
login-page="/auth/login.html"
default-target-url="/registered/home.html"
authentication-failure-url="/auth/login.html" />
<logout invalidate-session="true"
logout-url="/auth/logout.html"
success-handler-ref="DCLogoutSuccessHandler"/>
<anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
<custom-filter after="FORM_LOGIN_FILTER" ref="xmlAuthenticationFilter" />
</http>
<authentication-manager alias="am">
<authentication-provider user-service-ref="userManager">
<password-encoder ref="passwordEncoder" />
</authentication-provider>
<authentication-provider ref="xmlAuthenticationProvider" />
</authentication-manager>
答案 0 :(得分:0)
请见configuring-spring-security-3-x-to-have-multiple-entry-points。您必须创建一个单独的令牌并覆盖身份验证提供程序的supports方法,以便提供程序仅处理该令牌。