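When securing a Spring Data REST application with Keycloak, Spring Security allows REST endpoints to be protected by having the configuration class extend KeycloakWebSecurityConfigurerAdapter and override configure(HttpSecurity), as shown below: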
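import org.keycloak.adapters.springsecurity.KeycloakSecurityComponents;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = KeycloakSecurityComponents.class)
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    // Other required overrides (e.g. sessionAuthenticationStrategy()) omitted for brevity.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http
            .authorizeRequests()
            // Matchers are evaluated in order; the first match decides.
            .antMatchers(HttpMethod.GET, "/customers/**").hasRole("view-customers")
            .antMatchers(HttpMethod.POST, "/customers/**").hasRole("create-customers")
            .antMatchers(HttpMethod.PATCH, "/customers/**").hasRole("edit-customers")
            .anyRequest().authenticated();
    }
}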
But hard-coding this makes future changes difficult. Is there a better way?
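One way to move the method/pattern/role mapping out of code, as an added example that is not part of the original post: the rules are bound from application properties and applied in a loop, failing at startup on an incomplete rule. It assumes Spring Boot is on the classpath; the class name `EndpointRoleRules` and the `app.security` property prefix are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

// Added example. Hypothetical property layout (application.properties):
//   app.security.rules[0].method=GET
//   app.security.rules[0].pattern=/customers/**
//   app.security.rules[0].role=view-customers
@Component
@ConfigurationProperties(prefix = "app.security")
public class EndpointRoleRules {

    public static class Rule {
        private String method, pattern, role;
        public String getMethod() { return method; }
        public void setMethod(String method) { this.method = method; }
        public String getPattern() { return pattern; }
        public void setPattern(String pattern) { this.pattern = pattern; }
        public String getRole() { return role; }
        public void setRole(String role) { this.role = role; }
    }

    private final List<Rule> rules = new ArrayList<>();
    public List<Rule> getRules() { return rules; }

    // Call from configure(HttpSecurity) right after super.configure(http).
    // Rules are registered in list order, so the first matching rule decides.
    public void applyTo(HttpSecurity http) throws Exception {
        for (Rule r : rules) {
            // Fail closed: an incomplete rule aborts startup instead of being skipped.
            if (!StringUtils.hasText(r.getMethod()) || !StringUtils.hasText(r.getPattern())
                    || !StringUtils.hasText(r.getRole())) {
                throw new IllegalStateException("Incomplete security rule for pattern: " + r.getPattern());
            }
            HttpMethod method = HttpMethod.valueOf(r.getMethod().trim()); // rejects unknown methods
            http.authorizeRequests().antMatchers(method, r.getPattern().trim()).hasRole(r.getRole().trim());
        }
        // Anything not covered by a rule still requires an authenticated user.
        http.authorizeRequests().anyRequest().authenticated();
    }
}
```

Once access rules live in configuration, the property source becomes part of the authorization boundary, so write access to it needs the same review as the code it replaces.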