Spring安全性更改允许运行时的所有URL列表

时间:2016-07-25 18:24:11

标签: spring-security spring-boot

我需要在运行时为我的用例更改spring安全配置,我需要维护一个包含虚URL和相应url的XML。所以我需要在运行时告诉spring新添加到XML的url而不是阻止对这些公共URL的访问。

我的启动配置如下所示。 

public static String[] PERMIT_ALL_URLS = new String[] { "/css/**", "/js/**", "/images/**", "/healthcheck.jsp", "/healthCheck",
        "/healthcheck.xml", "/memberLogin.html", "/login.html","/wro/**","/*home.html", "/home.html","/auctions.html","/*auctions.html", "/upgrade-subscription", "/pages/**","/public/**", "/", "/Content/**","/CMS/Content/**","/saleListResultAllFrame/**"};

@Override
protected void configure(HttpSecurity http) throws Exception {
    List<String> permitAllUrls = new ArrayList<>(Arrays.asList(PERMIT_ALL_URLS));
    if (configDataManager.getAllRedirectUrlsMap() != null)
    {
        permitAllUrls.addAll(configDataManager.getAllRedirectUrlsMap().keySet());
    }
    String[] publicURLPatterns = permitAllUrls.toArray(new String[permitAllUrls.size()]);
    _logger.info("Loading Spring Security Configurations - Public URLS - " + publicURLPatterns);
    copartAuthenticationSuccessHandler.setDefaultTargetUrl("/doLogin.html");
    http.exceptionHandling().authenticationEntryPoint(copartAuthenticationEntryPoint);
    http.csrf().disable().headers().disable().sessionManagement().sessionFixation().none();

    http.addFilterAfter(new RestTimoutRedirectFilter(), ExceptionTranslationFilter.class)
            .addFilterAfter(copartPreAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)
            .addFilterBefore(memberSiteCodeFilter, AnonymousAuthenticationFilter.class)
            .addFilterBefore(memberSiteCodeFilter, AbstractPreAuthenticatedProcessingFilter.class)
            .anonymous().authenticationFilter(new CopartAnonymousAuthenticationFilter());

    http.authorizeRequests().antMatchers(loginUrl).access("isAnonymous() or isAuthenticated()")
            .antMatchers(publicURLPatterns).permitAll().anyRequest().fullyAuthenticated().and()
            .formLogin().loginProcessingUrl(loginUrl).loginPage(loginPage).permitAll().usernameParameter("username")
            .passwordParameter("password").successHandler(copartAuthenticationSuccessHandler)
            .failureUrl("/doLogin.html?result=error&error=authFailure").permitAll().and().logout()
            .logoutUrl("/logout").invalidateHttpSession(true).logoutSuccessUrl("/doLogout.html?result=success")
            .deleteCookies(Constants.AUCTION_COOKIE).permitAll();
    http.portMapper().http(HTTP_PORT).mapsTo(HTTPS_PORT).http(HTTP_PORT1).mapsTo(HTTPS_PORT1);
}

每当虚荣URL xml发生变化时,我需要一种方法来重新配置spring安全性。

0 个答案:

没有答案
相关问题
最新问题