我在Spring模块A和B中有以下场景:
- 模块A - 具有单点登录安全设置的Spring模块,使用@ EnableOAuth2Sso,@ EnableWebSecurity(debug = true)和@Order(Ordered.HIGHEST_PRECEDENCE)
- 模块B - Spring Boot应用程序,A作为依赖项,不使用任何安全配置。
当我启动B时,我得到2个Filter链,第一个来自模块A,它用于SSO,第二个来自模块B并且是多余的:
- ossweb.DefaultSecurityFilterChain:创建过滤器链:AnyRequestMatcher @ 1,[WebAsyncManagerIntegrationFilter @ 1407b93f,SecurityContextPersistenceFilter @ 38241615,OAuth2ClientContextFilter @ 31a8c3a3,HeaderWriterFilter @ 6bf2ecbb,LogoutFilter @ 6cc022ac,OAuth2ClientAuthenticationProcessingFilter @ 5aff8207,BasicAuthenticationFilter一样@ 42eaf47f,RequestCacheAwareFilter @ 42fc744,SecurityContextHolderAwareRequestFilter @ 6eeb15f9,AnonymousAuthenticationFilter @ 6a5a99d9,SessionManagementFilter @ 5955568,ExceptionTranslationFilter @ 74ec4df3,FilterSecurityInterceptor @ 6a577564]
- ossweb.DefaultSecurityFilterChain:创建过滤器链:AnyRequestMatcher @ 1,[WebAsyncManagerIntegrationFilter @ 138110f8,SecurityContextPersistenceFilter @ 6278371a,HeaderWriterFilter @ 6b61a4b0,LogoutFilter @ 30623109,RequestCacheAwareFilter @ c6a1be2,SecurityContextHolderAwareRequestFilter @ 6a486afb,AnonymousAuthenticationFilter @ 4fe8ac61,SessionManagementFilter @ 5c00de0d,的ExceptionTranslationFilter @ 32db94fb]
问题:
- 如何禁用无用的默认过滤器链?
- 模块A的调试标志 - @EnableWebSecurity(debug = true),在运行模块B时被忽略,我无法调试安全设置
- 是否可以延长" A链并在B中添加更多过滤器?