在我的应用程序中,我有一些REST层需要调用有效的OAuth2 access_token。我还有WebDav端点,必须要求通过LDAP进行身份验证。我当前的Spring Resource Server配置是:
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
private final ResourceServerProperties resource;
private final OAuth2AuthenticationEntryPoint unauthorizedEntryPoint;
@Value("${security.oauth2.server.public.paths}")
private String[] publicPaths;
@Autowired
public ResourceServerConfiguration(ResourceServerProperties resource, UnauthorizedEntryPoint unauthorizedEntryPoint) {
this.resource = resource;
this.unauthorizedEntryPoint = unauthorizedEntryPoint;
}
@Override
public void configure(HttpSecurity http) throws Exception {
// Logout functionality is implemented in LogoutController.
http.logout().disable();
http.authorizeRequests()
.antMatchers(publicPaths).permitAll()
.antMatchers("/api/secure/password/**").hasAnyAuthority(USER_ROLES)
.antMatchers("/webdav/**").authenticated()
.antMatchers("/**").denyAll();
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.authenticationEntryPoint(unauthorizedEntryPoint).resourceId(this.resource.getResourceId());
}
}
全球安全配置:
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class GlobalSecurityConfiguration extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return new OAuth2MethodSecurityExpressionHandler();
}
@Bean
public AuthenticationManager authenticationManager(MyCustomOAuth2AuthenticationProvider myCustomOAuth2AuthenticationProvider, ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider) {
return new ProviderManager(Arrays.asList(myCustomOAuth2AuthenticationProvider, activeDirectoryLdapAuthenticationProvider));
}
}
当我通过浏览器打开/webdav/something网址时,我会检索默认的OAuth2 401错误消息"访问此资源需要完全身份验证"。
如何配置Spring以尝试调用ActiveDirectoryLdapAuthenticationProvider而不是显示默认错误消息?