我试图在春天使用配置有两个安全领域,但是我还没有成功,我跟着几个在线教程不成功我最近来的是拥有两个安全领域但是不能同时运行它们
这是我设置的代码
安全配置:
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("MvcSecurityConfig Init");
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Configuration
@Order(301)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.antMatchers("/api/admin/**").hasRole("ADMIN")
.antMatchers("/api/**").hasRole("USER")
.and()
.httpBasic();
}
}
@Configuration
@Order(302)
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/signup", "/about").permitAll()
.anyRequest().hasRole("USER")
.and()
.formLogin()
.loginPage("/login")
.permitAll();
}
}
}
Init Config
public class AppInitializer implements WebApplicationInitializer {
@Override
public void onStartup(ServletContext container) throws ServletException {
// Create the 'root' Spring application context
AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
rootContext.register(RootConfiguration.class);
// Manage the lifecycle of the root application context
container.addListener(new ContextLoaderListener(rootContext));
AnnotationConfigWebApplicationContext dispatcherServlet = new AnnotationConfigWebApplicationContext();
dispatcherServlet.register(MvcConfig.class);
// Register and map the dispatcher servlet
ServletRegistration.Dynamic dispatcher = container.addServlet("dispatcher", new DispatcherServlet(dispatcherServlet));
dispatcher.setLoadOnStartup(1);
dispatcher.addMapping("/");
rootContext.register(WebSecurityConfig.class);
container.addFilter("rest-security-filter", new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/api/*");
/*container.addFilter("mvc-security-filter", new DelegatingFilterProxy("springSecurityFilterChain"))
.addMappingForUrlPatterns(null, false, "/*");*/
}
}
有什么建议吗?
谢谢
答案 0 :(得分:1)
将内部静态类分隔到它们自己的文件中(两者都有注释@Configuration
,第二行注释@EnableWebSecurity
)并创建另一个导入它们的类:
@Configuration
@Import({ApiWebSecurityConfigurationAdapter.class, FormLoginWebSecurityConfigurerAdapter.class})
public class SecurityConfig {
}
并在启动rootContext.register(SecurityConfig.class);