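I am trying to figure out how to do the following with Spring Security:
I need to allow external access on a certain endpoint at /webhooks/, but protect it with an HTTP basic username/password. On all other endpoints, access must be restricted, except for certain subnets.
This is what I have so far. It doesn't work, because everything is denied.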
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
 * Created on 27 July 2016 @ 1:49 PM
 * Component for project "security"
 */
@Configuration
@EnableWebSecurity
@PropertySource("classpath:/test.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${test.webhooks.username}")
    private String username;

    @Value("${test.webhooks.password}")
    private String password;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/webhooks/").authenticated()
            .and().authorizeRequests()
                .antMatchers("/**").hasIpAddress("10.0.0.0/8")
                .antMatchers("/**").hasIpAddress("172.16.0.0/16")
                .antMatchers("/**").hasIpAddress("192.168.1.0/24")
                .antMatchers("/**").hasIpAddress("172.0.0.0/8")
                .antMatchers("/**").denyAll()
        ;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
            .inMemoryAuthentication()
            .withUser(username).password(password).roles("WEBHOOKS_ACCESS")
        ;
    }
}
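Any help would be great! In any case, I'm not sure whether chaining the antMatchers is correct.

Answer 0 (score: 0)

OK, I found out how to do this. Not sure if this is the "Spring way" or whatever, but it seems to work. Any suggestions are welcome.
So my new class looks like this: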
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
 * Created on 27 July 2016 @ 1:49 PM
 * Component for project "security"
 */
@Configuration
@EnableWebSecurity
@PropertySource("classpath:/security.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${security.webhooks.username}")
    private String username;

    @Value("${security.webhooks.password}")
    private String password;

    // Chain 1 (checked first): requests matching /webhooks/ need HTTP Basic and the WEBHOOKS_ACCESS role.
    @Configuration
    @Order(1)
    public static class WebHookSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/webhooks/")
                .authorizeRequests()
                    .anyRequest().hasRole("WEBHOOKS_ACCESS")
                .and()
                .httpBasic()
                .and()
                .csrf().disable(); // CSRF protection is switched off for this chain
        }
    }

    // Chain 2: every other request is allowed only from the listed addresses.
    @Configuration
    @Order(2)
    public static class InternalSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/**")
                .authorizeRequests()
                    .anyRequest()
                    .access("hasIpAddress('10.0.0.0/8') or hasIpAddress('172.16.0.0/16') or hasIpAddress('192.168.1.0/24') or hasIpAddress('172.0.0.0/8') or hasIpAddress('127.0.0.1')")
            ;
        }
    }

    // In-memory user for the webhook endpoint, read from security.properties.
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
            .inMemoryAuthentication()
            .withUser(username).password(password).roles("WEBHOOKS_ACCESS")
        ;
    }
}
I derived this from this documentation. Hope this helps someone!
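
Why the question's rule list rejects most clients while the answer's single expression does not, as an added example (not code from either post, and not Spring Security's own code): Spring Security tries `antMatchers` rules in declaration order and the first matching pattern decides, so the later `/**` rules are never reached. The class below is a plain-JDK model of that behaviour (Java 16+ for `record`); `RuleOrderDemo`, `Rule`, `inCidr`, the request path and the client addresses are constructed for illustration.

```java
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.List;

// Added illustration: a plain-JDK model of the two rule layouts, not Spring Security code.
public class RuleOrderDemo {
    record Rule(String pattern, String cidr) {}  // cidr == null models denyAll()

    static int toInt(String ip) throws Exception {
        byte[] b = InetAddress.getByName(ip).getAddress();  // IPv4 literals only, no DNS lookup
        return ((b[0] & 0xff) << 24) | ((b[1] & 0xff) << 16) | ((b[2] & 0xff) << 8) | (b[3] & 0xff);
    }

    // True when addr is inside cidr; a bare address is treated as /32.
    static boolean inCidr(String cidr, String addr) throws Exception {
        String[] p = cidr.split("/");
        int bits = p.length > 1 ? Integer.parseInt(p[1]) : 32;
        int mask = bits == 0 ? 0 : -1 << (32 - bits);
        return (toInt(p[0]) & mask) == (toInt(addr) & mask);
    }

    // Question's layout: rules are tried in order and the first matching pattern decides.
    static boolean firstMatchWins(List<Rule> rules, String path, String addr) throws Exception {
        for (Rule r : rules) {
            boolean patternMatches = r.pattern().equals("/**") || r.pattern().equals(path);
            if (patternMatches) return r.cidr() != null && inCidr(r.cidr(), addr);
        }
        return false;
    }

    // Answer's layout: a single rule for "/**" whose expression ORs every allowed range.
    static boolean anyRange(List<String> cidrs, String addr) throws Exception {
        for (String c : cidrs) if (inCidr(c, addr)) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        List<String> ranges = List.of("10.0.0.0/8", "172.16.0.0/16", "192.168.1.0/24", "172.0.0.0/8");
        List<Rule> questionRules = new ArrayList<>();
        for (String c : ranges) questionRules.add(new Rule("/**", c));
        questionRules.add(new Rule("/**", null));  // the trailing denyAll()
        List<String> answerRanges = new ArrayList<>(ranges);
        answerRanges.add("127.0.0.1");
        // Constructed sample client addresses and request path.
        for (String ip : List.of("10.1.2.3", "192.168.1.5", "172.16.9.9", "172.200.0.1", "203.0.113.7")) {
            System.out.printf("%-12s question=%-5b answer=%b%n", ip,
                    firstMatchWins(questionRules, "/api/items", ip), anyRange(answerRanges, ip));
        }
    }
}
```

In the question's layout only clients inside 10.0.0.0/8 pass. The range 172.0.0.0/8 also admits 172.200.0.1, which lies outside the RFC 1918 private block 172.16.0.0/12.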