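Two realms in the same application with Spring Security @configuration

Time: 2015-09-23 14:52:21

Tags: java spring spring-mvc spring-security

I am trying to have two security realms in Spring using configuration, but I have not succeeded yet. I followed several online tutorials without success; the closest I have come is having two security realms but not being able to run them both at the same time.

This is the code I have set up.

Security configuration: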

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        System.out.println("MvcSecurityConfig Init");
        auth
                .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }

    @Configuration
    @Order(301)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/api/**")
                    .authorizeRequests()
                    .antMatchers("/api/admin/**").hasRole("ADMIN")
                    .antMatchers("/api/**").hasRole("USER")
                    .and()
                    .httpBasic();
        }
    }

    @Configuration
    @Order(302)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(WebSecurity web) throws Exception {
            web
                    .ignoring()
                    .antMatchers("/resources/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .antMatchers("/signup", "/about").permitAll()
                    .anyRequest().hasRole("USER")
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .permitAll();
        }
    }

}

Init Config

public class AppInitializer implements WebApplicationInitializer {

    @Override
    public void onStartup(ServletContext container) throws ServletException {
        // Create the 'root' Spring application context
        AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
        rootContext.register(RootConfiguration.class);

        // Manage the lifecycle of the root application context
        container.addListener(new ContextLoaderListener(rootContext));

        AnnotationConfigWebApplicationContext dispatcherServlet = new AnnotationConfigWebApplicationContext();
        dispatcherServlet.register(MvcConfig.class);

        // Register and map the dispatcher servlet
        ServletRegistration.Dynamic dispatcher = container.addServlet("dispatcher", new DispatcherServlet(dispatcherServlet));
        dispatcher.setLoadOnStartup(1);
        dispatcher.addMapping("/");
        rootContext.register(WebSecurityConfig.class); 
        container.addFilter("rest-security-filter", new DelegatingFilterProxy("springSecurityFilterChain"))
                .addMappingForUrlPatterns(null, false, "/api/*");

        /*container.addFilter("mvc-security-filter", new DelegatingFilterProxy("springSecurityFilterChain"))
                .addMappingForUrlPatterns(null, false, "/*");*/
    }

}

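Any suggestions?

Thanks

1 answer:

Answer 0: (score: 1)

Separate the inner static classes into their own files (both annotated with @Configuration, with @EnableWebSecurity as a second annotation line) and create another class that imports them: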

@Configuration
@Import({ApiWebSecurityConfigurationAdapter.class, FormLoginWebSecurityConfigurerAdapter.class})
public class SecurityConfig {
}

And register it at startup with rootContext.register(SecurityConfig.class);