我正在尝试使用Basic Auth通过LDAP进行身份验证,但我只需要使用/ login route进行身份验证。所有其他路由都需要通过我实现的自定义JWT过滤器进行身份验证。实际上,我所做的只是不起作用。
编辑:为了更清楚,在我调用/ auth / login时,它会通过LDAP过滤器而不是JWT过滤器。但是当我调用任何其他路由时,它会通过JWT过滤器然后仍然通过LDAP,并且总是使我的请求失败。只有当/ auth / login调用时,行为才会正确。
以下是配置:
public class SecurityConfiguration {
@Configuration
@EnableWebSecurity
@Order(Ordered.HIGHEST_PRECEDENCE + 21)
public static class CompanySecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private LdapContextSource ldapContextSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication().contextSource(ldapContextSource).userDnPatterns("uid={0},ou=people");
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.httpBasic().and()
.requestMatchers()
.antMatchers("/auth/login")
.and().authorizeRequests().anyRequest().authenticated()
.and().csrf().disable();
}
}
@Configuration
@EnableWebSecurity
@Order(Ordered.HIGHEST_PRECEDENCE + 20)
public static class JWTSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.requestMatchers()
.antMatchers("/projects", "/projects/**", "/credential/**")
.and()
.addFilterAfter(new JWTFilter(), UsernamePasswordAuthenticationFilter.class)
.authorizeRequests().anyRequest().authenticated()
.and().cors().disable();
}
}
}