Spring Boot具有不同的安全上下文

时间:2018-01-12 14:49:20

标签: spring spring-mvc spring-boot spring-security

我有两个DispatcherServlet,我希望它们有不同的背景。第一个servlet应该使用spring security来保护,第二个servlet根本不应该使用安全性。

我按如下方式注册servlet:

@SpringBootApplication(exclude = {DispatcherServletAutoConfiguration.class})
public class Application{

    public static void main(String[] args) {
         SpringApplication.run(Application.class, args);
    }

    @Bean
    public ServletRegistrationBean FirstServletRegistration() {
        DispatcherServlet dispatcherServlet = new DispatcherServlet();
        AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
        applicationContext.register(FirstWebConfig.class, SecurityConfig.class);
        dispatcherServlet.setApplicationContext(applicationContext);

        ServletRegistrationBean registrationBean = new ServletRegistrationBean(
            dispatcherServlet, "/api/*"
        );

        registrationBean.setName("firstServlet");
        return registrationBean;
    }

    @Bean
    public ServletRegistrationBean SecondServletRegistration() {
        DispatcherServlet dispatcherServlet = new DispatcherServlet();
        AnnotationConfigWebApplicationContext applicationContext = new AnnotationConfigWebApplicationContext();
        applicationContext.register(SecondWebConfig.class);
        dispatcherServlet.setApplicationContext(applicationContext);

        ServletRegistrationBean registrationBean = new ServletRegistrationBean(
            dispatcherServlet, "/*"
        );

        registrationBean.setName("secondServlet");
        return registrationBean;
    }
}

对于每个servlet,我设置了上下文:

  • @Configuration
@EnableWebMvc
@ComponentScan("com.example.app.controllers.first")
public class FirstWebConfig extends WebMvcConfigurerAdapter {

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

  • @Configuration
@EnableWebMvc
@ComponentScan("com.example.app.controllers.second")
public class SecondWebConfig extends WebMvcConfigurerAdapter {

}

我想仅将SecurityConfig用于“firstServlet”:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final BCryptPasswordEncoder passwordEncoder;
    private final DataSource dataSource;

    @Autowired
    public SecurityConfig(BCryptPasswordEncoder passwordEncoder, DataSource dataSource) {
        this.passwordEncoder = passwordEncoder;
        this.dataSource = dataSource;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .usersByUsernameQuery(USERS_BY_USERNAME_QUERY)
                .authoritiesByUsernameQuery(AUTHORITIES_BY_USERNAME_QUERY)
                .dataSource(dataSource)
                .passwordEncoder(passwordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated().and()
                .formLogin()
                    .loginPage("/api/login")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .and()
                .httpBasic().and()
                .csrf().disable();
    }
}

那么如何排除“secondServlet”的安全性使用?

0 个答案:

没有答案
相关问题
最新问题