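Allow access to one URL with a username/password, and to other URLs by IP address

Time: 2016-07-28 07:14:51

Tags: java spring spring-security

I am trying to figure out how to do the following with Spring Security:

I need to allow external access on a certain endpoint at /webhooks/, but protect it with an HTTP basic username/password. On all other endpoints, access must be restricted, except for certain subnets.

This is what I have so far. It doesn't work, because everything is denied.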

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Created on 27 July 2016 @ 1:49 PM
 * Component for project "security"
 */
@Configuration
@EnableWebSecurity
@PropertySource("classpath:/test.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Value("${test.webhooks.username}")
    private String username;
    @Value("${test.webhooks.password}")
    private String password;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()

                        .antMatchers("/webhooks/").authenticated()
                .and().authorizeRequests()
                        .antMatchers("/**").hasIpAddress("10.0.0.0/8")
                        .antMatchers("/**").hasIpAddress("172.16.0.0/16")
                        .antMatchers("/**").hasIpAddress("192.168.1.0/24")
                        .antMatchers("/**").hasIpAddress("172.0.0.0/8")
                        .antMatchers("/**").denyAll()
        ;

    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .inMemoryAuthentication()
                        .withUser(username).password(password).roles("WEBHOOKS_ACCESS")
        ;
    }
}

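Any help would be great! In any case, I'm not sure whether chaining the ant matchers is right.

1 answer:

Answer 0: (score: 0)

OK, I found out how to do this. Not sure if this is the "Spring way" or whatever, but it seems to work. Any suggestions are welcome.

So my new class looks like this: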

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Created on 27 July 2016 @ 1:49 PM
 * Component for project "security"
 *
 */
@Configuration
@EnableWebSecurity
@PropertySource("classpath:/security.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Value("${security.webhooks.username}")
    private String username;
    @Value("${security.webhooks.password}")
    private String password;

    @Configuration
    @Order(1)
    public static class WebHookSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http)  throws Exception {
            http.antMatcher("/webhooks/")
                    .authorizeRequests()
                        .anyRequest().hasRole("WEBHOOKS_ACCESS")
                        .and()
                    .httpBasic()
                        .and()
                    .csrf().disable();
        }
    }

    @Configuration
    @Order(2)
    public static class InternalSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/**")
                    .authorizeRequests()
                        .anyRequest()
                        .access("hasIpAddress('10.0.0.0/8') or hasIpAddress('172.16.0.0/16') or hasIpAddress('192.168.1.0/24') or hasIpAddress('172.0.0.0/8') or hasIpAddress('127.0.0.1')")
            ;
        }
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder
                .inMemoryAuthentication()
                        .withUser(username).password(password).roles("WEBHOOKS_ACCESS")
        ;
    }
}

I derived this from this documentation. Hope this helps someone!
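
An added example, not part of the original answer or of Spring Security: a plain-JDK audit of the CIDR entries from the answer's `hasIpAddress(...)` expression against the RFC 1918 private ranges and loopback. The class and method names are hypothetical and it handles IPv4 only; it flags `172.0.0.0/8`, which is wider than the private block `172.16.0.0/12` and already contains the `172.16.0.0/16` entry.

```java
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper: reports allowlist entries that reach beyond private address space. */
public class AllowlistAudit {
    // RFC 1918 private ranges plus IPv4 loopback.
    static final List<String> PRIVATE = Arrays.asList(
            "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8");
    // Entries copied from the hasIpAddress(...) expression in the answer above.
    static final List<String> ALLOWLIST = Arrays.asList(
            "10.0.0.0/8", "172.16.0.0/16", "192.168.1.0/24", "172.0.0.0/8", "127.0.0.1");

    static long mask(int prefixLen) {
        return prefixLen == 0 ? 0L : (0xFFFFFFFFL << (32 - prefixLen)) & 0xFFFFFFFFL;
    }

    /** Parses "a.b.c.d" or "a.b.c.d/len" into {network address, prefix length}. */
    static long[] parse(String cidr) {
        String[] parts = cidr.split("/");
        int len = parts.length == 2 ? Integer.parseInt(parts[1]) : 32;
        String[] octets = parts[0].split("\\.");
        if (parts.length > 2 || octets.length != 4 || len < 0 || len > 32) {
            throw new IllegalArgumentException("not an IPv4 address or CIDR: " + cidr);
        }
        long addr = 0;
        for (String octet : octets) {
            int value = Integer.parseInt(octet);
            if (value < 0 || value > 255) {
                throw new IllegalArgumentException("bad octet in: " + cidr);
            }
            addr = (addr << 8) | value;
        }
        return new long[] { addr & mask(len), len };
    }

    /** True when every address in inner also lies inside outer. */
    static boolean covers(String outer, String inner) {
        long[] o = parse(outer);
        long[] i = parse(inner);
        // A shorter prefix means a larger block, which cannot fit inside outer.
        return i[1] >= o[1] && (i[0] & mask((int) o[1])) == o[0];
    }

    static boolean isPrivateOnly(String cidr) {
        return PRIVATE.stream().anyMatch(range -> covers(range, cidr));
    }

    public static void main(String[] args) {
        for (String entry : ALLOWLIST) {
            String verdict = isPrivateOnly(entry) ? "private/loopback only" : "REACHES PUBLIC ADDRESS SPACE";
            System.out.printf("%-16s %s%n", entry, verdict);
        }
        System.out.println("172.0.0.0/8 covers 172.16.0.0/16: " + covers("172.0.0.0/8", "172.16.0.0/16"));
    }
}
```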