我需要在运行时为我的用例更改spring安全配置,我需要维护一个包含虚URL和相应url的XML。所以我需要在运行时告诉spring新添加到XML的url而不是阻止对这些公共URL的访问。
我的启动配置如下所示。
public static String[] PERMIT_ALL_URLS = new String[] { "/css/**", "/js/**", "/images/**", "/healthcheck.jsp", "/healthCheck",
"/healthcheck.xml", "/memberLogin.html", "/login.html","/wro/**","/*home.html", "/home.html","/auctions.html","/*auctions.html", "/upgrade-subscription", "/pages/**","/public/**", "/", "/Content/**","/CMS/Content/**","/saleListResultAllFrame/**"};
@Override
protected void configure(HttpSecurity http) throws Exception {
List<String> permitAllUrls = new ArrayList<>(Arrays.asList(PERMIT_ALL_URLS));
if (configDataManager.getAllRedirectUrlsMap() != null)
{
permitAllUrls.addAll(configDataManager.getAllRedirectUrlsMap().keySet());
}
String[] publicURLPatterns = permitAllUrls.toArray(new String[permitAllUrls.size()]);
_logger.info("Loading Spring Security Configurations - Public URLS - " + publicURLPatterns);
copartAuthenticationSuccessHandler.setDefaultTargetUrl("/doLogin.html");
http.exceptionHandling().authenticationEntryPoint(copartAuthenticationEntryPoint);
http.csrf().disable().headers().disable().sessionManagement().sessionFixation().none();
http.addFilterAfter(new RestTimoutRedirectFilter(), ExceptionTranslationFilter.class)
.addFilterAfter(copartPreAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)
.addFilterBefore(memberSiteCodeFilter, AnonymousAuthenticationFilter.class)
.addFilterBefore(memberSiteCodeFilter, AbstractPreAuthenticatedProcessingFilter.class)
.anonymous().authenticationFilter(new CopartAnonymousAuthenticationFilter());
http.authorizeRequests().antMatchers(loginUrl).access("isAnonymous() or isAuthenticated()")
.antMatchers(publicURLPatterns).permitAll().anyRequest().fullyAuthenticated().and()
.formLogin().loginProcessingUrl(loginUrl).loginPage(loginPage).permitAll().usernameParameter("username")
.passwordParameter("password").successHandler(copartAuthenticationSuccessHandler)
.failureUrl("/doLogin.html?result=error&error=authFailure").permitAll().and().logout()
.logoutUrl("/logout").invalidateHttpSession(true).logoutSuccessUrl("/doLogout.html?result=success")
.deleteCookies(Constants.AUCTION_COOKIE).permitAll();
http.portMapper().http(HTTP_PORT).mapsTo(HTTPS_PORT).http(HTTP_PORT1).mapsTo(HTTPS_PORT1);
}
每当虚荣URL xml发生变化时,我需要一种方法来重新配置spring安全性。