So the problem I am facing is the following. I have 2 routes that I want to protect: /api/v1 and /api/v2. I have implemented the REST controller as a method that checks the Principal currently in use:
@RestController
public class UserRestController {

    @RequestMapping("/api/v1/user")
    public Principal sayHello(Principal principal) {
        return principal;
    }

    @RequestMapping("/api/v2/user")
    public Principal sayHello2(Principal principal) {
        return principal;
    }
}
What I want to do is have a different authorization mechanism for each route. My current configuration is the following:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/v1/**")
                .authorizeRequests()
                    .antMatchers("/api/v1/**").hasRole("USER")
                    .and()
                .httpBasic();
        }
    }

    @Configuration
    @EnableOAuth2Sso
    @Order(2)
    public static class ApiTokenSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        OAuth2ClientContext oauth2ClientContext;

        @Autowired
        AuthorizationCodeResourceDetails authorizationCodeResourceDetails;

        @Autowired
        ResourceServerProperties resourceServerProperties;

        /**
         * Method for creating the filter for OAuth authentication
         *
         * @return OAuth2ClientAuthenticationProcessingFilter
         */
        private OAuth2ClientAuthenticationProcessingFilter filter() {
            // Creating the filter for the "/auth" url
            OAuth2ClientAuthenticationProcessingFilter oAuth2Filter =
                    new OAuth2ClientAuthenticationProcessingFilter("/auth");
            // Creating the rest template used to talk to the OAuth service.
            // The configuration parameters are injected while creating the bean.
            OAuth2RestTemplate oAuth2RestTemplate =
                    new OAuth2RestTemplate(authorizationCodeResourceDetails, oauth2ClientContext);
            oAuth2Filter.setRestTemplate(oAuth2RestTemplate);
            // Setting the token services. They fetch the token and the
            // user details from the OAuth service.
            oAuth2Filter.setTokenServices(new UserInfoTokenServices(
                    resourceServerProperties.getUserInfoUri(),
                    resourceServerProperties.getClientId()));
            return oAuth2Filter;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/api/v2/**").hasRole("USER")
                    .and()
                .formLogin()
                    .loginPage("/auth").permitAll()
                    .and()
                .addFilterAt(filter(), BasicAuthenticationFilter.class);
        }
    }
}
The behaviour I observe is that if I access (and log in to) /api/v1/user, then the principal used in /api/v2/user will be the same one, and vice versa. My question is the following: how can I avoid this? How can I isolate the types of security between the two different routes as much as possible?
Thanks
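The leak described above comes from both filter chains reading and writing the same HttpSession entry (the default SPRING_SECURITY_CONTEXT key), so whichever chain authenticates first populates a session the other chain trusts. As an added example, not the poster's code, the configuration below keeps the v1 Basic chain stateless and gives the v2 chain its own session key and request scope; it assumes the OAuth2ClientAuthenticationProcessingFilter from the question's filter() method is available as a bean named ssoFilter.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;

@Configuration
@EnableWebSecurity
public class IsolatedChainsConfig {
    // Chain 1: /api/v1/** with HTTP Basic. STATELESS means the authenticated
    // principal is never stored in the HttpSession, so chain 2 can never read it.
    @Configuration
    @Order(1)
    public static class BasicApiConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/api/v1/**")
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests().antMatchers("/api/v1/**").hasRole("USER")
                .and()
                .httpBasic();
        }
    }
    // Chain 2: /api/v2/** plus the /auth callback, authenticated by the SSO filter.
    // Its SecurityContext is saved under a chain-specific session key instead of
    // the shared default, so nothing another chain wrote to the session is trusted.
    @Configuration
    @Order(2)
    public static class OAuthApiConfig extends WebSecurityConfigurerAdapter {
        // Assumed: the filter built as in the question's filter() method, exposed as a bean.
        @Autowired
        private OAuth2ClientAuthenticationProcessingFilter ssoFilter;
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            HttpSessionSecurityContextRepository repo = new HttpSessionSecurityContextRepository();
            repo.setSpringSecurityContextKey("API_V2_SECURITY_CONTEXT");
            http.requestMatchers().antMatchers("/api/v2/**", "/auth").and()
                .securityContext().securityContextRepository(repo)
                .and()
                .authorizeRequests().antMatchers("/api/v2/**").hasRole("USER")
                .and()
                .addFilterAt(ssoFilter, BasicAuthenticationFilter.class);
        }
    }
}
```

With this split, a Basic login on /api/v1/user leaves no session state behind, and a session created by the OAuth chain is only consulted for the v2 routes, so each route sees only the principal its own chain established.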