具有多个调度程序servlet的Spring多个HttpSecurity

时间:2016-10-28 08:04:11

标签: spring-mvc spring-security spring-restcontroller

我有多个HttpSecurity实例,一个用于以/ api /开头的RESTFul api URL,另一个用于基于表单的登录。我还有2个调度程序用于正常请求,其他用于其他API调用。但我需要两个吗?

@Bean
    public ServletRegistrationBean dispatcherRegistration(DispatcherServlet dispatcherServlet) {
        ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet);
        registration.addUrlMappings("/api/*", "/");
        return registration;
    }

我的REST控制器

@RestController
@RequestMapping("/cm/dealer")
public class DealerController {
    @Autowired
    DealerMgmt dealerMgmt;

    @RequestMapping(value = "/findByDealerStatus", method = RequestMethod.GET)
    public Page<Dealer> findByDealerStatus(@RequestParam int page, @RequestParam("dealerStatus") String dealerStatus) {        
        Page<Dealer> dealers = dealerMgmt.isEditable(dealerMgmt.findByDealerStatus(page, dealerStatus));
        return dealers;
    }
}

但是这个REST控制器都可以被调度程序访问。但我希望只有/ api /

才能访问 
/api/cm/dealer/findByDealerStatus
/cm/dealer/findByDealerStatus

我应该只有一个默认调度程序并将我的REST控制器注释到@RequestMapping(“/ api / cm / dealer”)是正确的方法吗?或者做正确的方法是什么。

1 个答案:

答案 0 :(得分:0)

您必须添加两个单独的servlet,现在您已映射了单个调度程序servlet 2路径映射。

扩展AbstractAnnotationConfigDispatcherServletInitializer 

 public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

  @Override
  public void onStartup(ServletContext servletContext) throws ServletException

   ..

  ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
   "dispatcher",
   new DispatcherServlet(dispatcherContext));
  dispatcher.setLoadOnStartup(1);
  dispatcher.addMapping("/");

  ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
   "apidispatcher",
   new DispatcherServlet(dispatcherContext));
  dispatcher.setLoadOnStartup(1);
  dispatcher.addMapping("/api");

 //
 }

 }


@Bean
    public ServletRegistrationBean apiDispather() {
        DispatcherServlet dispatcherServlet = new DispatcherServlet();

        AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
        applicationContext.register(ResourceConfig.class);
        dispatcherServlet.setApplicationContext(applicationContext);

        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(dispatcherServlet, "/api/");
        servletRegistrationBean.setName("apiDispather");
        return servletRegistrationBean;
    }

@Bean
    public ServletRegistrationBean dispather() {
        DispatcherServlet dispatcherServlet = new DispatcherServlet();

        AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
        applicationContext.register(WebConfig.class);
        dispatcherServlet.setApplicationContext(applicationContext);

        ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean(dispatcherServlet, "/");
        servletRegistrationBean.setName("dispather");
        return servletRegistrationBean;
    }
相关问题
最新问题