使用多个WebSecurityConfigurerAdapter配置不同的认证域(realm)

时间:2018-01-19 08:46:26

标签: spring-security

我有一个Spring Security配置,希望对/stats的请求使用与其他所有请求不同的认证域(realm)来保护:访问/时,浏览器会弹出HTTP Basic登录提示;登录后再访问/stats时,应再次弹出HTTP Basic登录提示,因为我尚未在该认证域中登录。当前配置的问题是:一旦我在/登录后再访问/stats,就会收到403,因为我已经登录,但拥有的是另一种权限。以下是我的配置:

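/**
 * Spring Security configuration that declares two HTTP Basic filter chains:
 * one for {@code /stats} backed by an in-memory account, and one for every
 * other request backed by {@code DefaultPortalSecurityService}.
 *
 * <p>Each chain advertises its own Basic realm name ("stats realm" and
 * "ws realm") through its own {@link AuthenticationEntryPoint}.
 */
@Configuration
@EnableWebSecurity
// NOTE(review): no attribute is set here, and prePostEnabled, securedEnabled and
// jsr250Enabled all default to false, so as written no method-security annotation
// style is switched on. Confirm whether method-level checks are actually intended.
@EnableGlobalMethodSecurity
public class PortalServiceSecurityConfig {

    /**
     * Filter chain for {@code /stats}. {@code @Order(1)} places it ahead of
     * {@link PortalServiceConfig}, so it gets the first chance to match a request.
     */
    @Configuration
    @Order(1)
    static class StatsWebSecConfig extends WebSecurityConfigurerAdapter {

        /**
         * Registers the single in-memory account that carries the STATS authority.
         *
         * @param auth builder for this chain's own authentication manager
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
            // NOTE(review): the user name and password are literals committed with the
            // source and the password is supplied as plain text. Load the credential
            // from external configuration or a secret store and store it encoded with a
            // PasswordEncoder before this guards anything real.
            auth
                .inMemoryAuthentication()
                    .withUser("user").password("password").authorities("STATS");
        }

        /**
         * Entry point that challenges with the Basic realm "stats realm".
         *
         * <p>The bean is registered under an explicit name. Both nested configurations
         * declare a method called {@code authenticationEntryPoint}; with the default
         * (method-name) bean name the two definitions collide, so depending on the
         * container's bean-overriding setting either start-up fails or one definition
         * replaces the other and both chains end up advertising the same realm.
         *
         * @return the entry point used by the {@code /stats} chain
         */
        @Bean(name = "statsAuthenticationEntryPoint")
        public AuthenticationEntryPoint authenticationEntryPoint() {
            final BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
            entryPoint.setRealmName("stats realm");
            return entryPoint;
        }

        /**
         * Restricts this chain to {@code /stats} and requires the STATS authority there.
         *
         * @param http the HTTP security builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            // "/stats" has no wildcard, so only that exact path is handled by this chain;
            // anything below it (e.g. "/stats/...") falls through to PortalServiceConfig
            // and is checked for WEBSERVICE instead of STATS.
            //
            // NOTE(review): nothing here changes session handling, so an Authentication
            // that the other chain stored in the HTTP session is also picked up by this
            // one. A caller already logged in without STATS is then answered with 403
            // (access denied) rather than a fresh 401 challenge for "stats realm". If a
            // separate login per realm is wanted, a stateless session policy on this
            // chain (sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // is the usual approach; verify against the Spring Security version in use.
            http.antMatcher("/stats").authorizeRequests()
                .antMatchers("/stats").hasAuthority("STATS")
                .and().httpBasic().authenticationEntryPoint(authenticationEntryPoint());
        }
    }

    /**
     * Filter chain for every request not claimed by {@link StatsWebSecConfig}
     * ({@code @Order(2)}); users come from {@code DefaultPortalSecurityService}.
     */
    @Configuration
    @Order(2)
    static class PortalServiceConfig extends WebSecurityConfigurerAdapter {

        // Passed to DefaultPortalSecurityService when the user details service is built.
        @Autowired
        private WebserviceAuthenticationConfiguration configService;

        // Injected but not referenced anywhere in this class.
        @Autowired
        private SoapFaultDetailtConverter soapFaulDetailtConverter;

        /**
         * Publishes this chain's {@link AuthenticationManager} as a bean.
         *
         * @return the authentication manager built by the superclass
         * @throws Exception if the superclass cannot build it
         */
        @Bean
        @Override
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

        /**
         * Publishes the portal's user lookup service as a bean.
         *
         * @return a {@code DefaultPortalSecurityService} built from {@code configService}
         */
        @Bean
        @Override
        protected UserDetailsService userDetailsService() {
            return new DefaultPortalSecurityService(configService);
        }


        /**
         * Publishes a {@code SecurityWebApplicationInitializer} instance as a bean.
         *
         * @return a new initializer instance
         */
        @Bean
        SecurityWebApplicationInitializer securityWebApplicationInitializer() {
            return new SecurityWebApplicationInitializer();
        }

        /**
         * Wires the portal user details service into this chain's authentication manager.
         *
         * @param auth builder for this chain's authentication manager
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(final AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService());
        }

        /**
         * Entry point that challenges with the Basic realm "ws realm".
         *
         * <p>Keeps the default bean name {@code authenticationEntryPoint}; the
         * {@code /stats} chain registers its entry point under a different name so the
         * two definitions no longer collide.
         *
         * @return the entry point used by the portal chain
         */
        @Bean
        public AuthenticationEntryPoint authenticationEntryPoint() {
            final BasicAuthenticationEntryPoint entryPoint = new BasicAuthenticationEntryPoint();
            entryPoint.setRealmName("ws realm");
            return entryPoint;
        }


        /**
         * Leaves {@code /resources/**} open and requires the WEBSERVICE authority for
         * every other request, authenticated with HTTP Basic.
         *
         * @param http the HTTP security builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(final HttpSecurity http) throws Exception {
            // NOTE(review): CSRF protection is switched off for this chain. Browsers
            // attach cached Basic credentials and session cookies to requests on their
            // own, so any state-changing endpoint reachable from a browser loses that
            // defence. Keep it disabled only if the callers are non-browser clients.
            http.authorizeRequests()
                .antMatchers("/resources/**").permitAll()
                    .anyRequest().hasAuthority("WEBSERVICE")
                .and()
                .csrf().disable()
                .httpBasic().authenticationEntryPoint(authenticationEntryPoint());
        }

    }
}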

0 个答案:

没有答案