applicationcontext.xml的部分
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/health"
filters="none" />
<security:filter-chain pattern="/swagger-ui.html"
filters="none" />
<security:filter-chain pattern="/images/**"
filters="none" />
<security:filter-chain pattern="/webjars/**"
filters="none" />
<security:filter-chain pattern="/v2/apidocs"
filters="none" />
<security:filter-chain pattern="/*.ico"
filters="none" />
<security:filter-chain pattern="/**"
filters="customAuthorizationFilter" />
</security:filter-chain-map>
file:security-context.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http>
<intercept-url pattern="/swagger-ui.html" access="hasRole('ROLE_ADMIN')" />
<http-basic/>
<csrf disabled="true"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abc" password="Basicauth" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
有自定义过滤器通过验证请求和检查错误来保护方法。 包含security-context.xml文件后,为具有用户名和密码的特定端点(swagger-ui.html)提供基于资源的安全性。
在此安全性更改后,自定义筛选器身份验证不起作用,可能会被新的安全性实现覆盖。如何解决这个问题?
答案 0 :(得分:0)
在提出答案之前没有足够的时间来测试它,但您可以尝试创建自定义过滤器,如下所示:
<custom-filter ref="customAuthorizationFilter" before="BASIC_AUTH_FILTER"/>
我认为这是关于过滤器的优先级。