我是Spring Boot的新手。我正在尝试使用Spring Security设置身份验证。我有两个REST控制器,一个允许匿名访问,另一个需要身份验证。我们有自己的安全提供程序。
我编写了自己的身份验证提供程序,并按如下方式进行配置。但结果是所有请求都要求提供身份验证。我在这里做错了什么?我已经阅读了Spring Security中关于过滤器顺序的内容。
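/**
 * Stateless, token-based Spring Security configuration.
 *
 * <p>Authorization rules are evaluated in declaration order and the first
 * matching rule wins, so path-specific rules are declared before the
 * {@code anyRequest()} catch-all.
 *
 * <p>NOTE(review): no {@code @Configuration} / {@code @EnableWebSecurity}
 * annotation is visible on this class in the snippet; confirm they are
 * present in the real file, otherwise the {@code @Bean} method and the
 * security rules below may not be applied as expected.
 */
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    // Entry point invoked when an unauthenticated request hits a protected resource.
    // It must be injected: left unset, a null entry point is handed to
    // exceptionHandling() and the custom handler is never used.
    // Requires AuthEntryPoint to be registered as a Spring bean.
    @Autowired
    private AuthEntryPoint authEntryPoint;

    // Custom authentication provider that validates the credentials.
    @Autowired
    private AuthProvider authProvider;

    /**
     * Defines the HTTP security rules and installs the token filter.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @throws Exception if the filter chain cannot be configured
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection is switched off because the API is stateless.
        // NOTE(review): this is only safe if the token travels in a request
        // header; if it is ever carried in a cookie, CSRF protection is needed again.
        httpSecurity.csrf().disable()
            .authorizeRequests()
                // Only "/docs" is open to anonymous callers; every other anonymous
                // endpoint has to be listed here explicitly.
                .antMatchers("/docs").permitAll()
                // Must come BEFORE anyRequest(): a rule declared after the catch-all is
                // either rejected at startup or never evaluated (depending on the
                // Spring Security version), which would leave these paths reachable
                // by any authenticated user regardless of authority.
                // NOTE(review): "/*" matches a single path segment only; nested paths
                // such as /mysecured/a/b fall through to the catch-all. Use "/**" if
                // the whole subtree must require the "admin" authority.
                .antMatchers("/mysecured/*").hasAuthority("admin")
                // Catch-all, always last: everything else needs an authenticated caller.
                .anyRequest().authenticated()
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(authEntryPoint)
                .and()
            .sessionManagement()
                // No HTTP session is created or used; each request must carry its token.
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            // NOTE(review): permitAll() does not bypass filters. If the token filter
            // rejects every request that lacks a token (its code is not shown here),
            // "/docs" will still be refused; the filter should only attempt
            // authentication when a token is present or for protected paths.
            .addFilterBefore(authenticationTokenFilterBean(), AbstractPreAuthenticatedProcessingFilter.class);
    }

    /**
     * Registers the custom provider with the authentication manager.
     *
     * @param auth the authentication manager builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authProvider);
    }

    /**
     * Builds the token filter and wires it to the authentication manager and
     * the success/failure handlers.
     *
     * <p>NOTE(review): Spring Boot also registers any {@code Filter} bean with
     * the servlet container, so this filter may run a second time outside the
     * security chain for every request. If that is not intended, disable the
     * automatic registration (for example with a {@code FilterRegistrationBean}
     * whose {@code enabled} flag is false).
     *
     * @return the configured filter
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public JwtAuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
        JwtAuthenticationTokenFilter authenticationTokenFilter = new JwtAuthenticationTokenFilter();
        authenticationTokenFilter.setAuthenticationManager(authenticationManager());
        authenticationTokenFilter.setAuthenticationSuccessHandler(new JwtAuthenticationSuccessHandler());
        authenticationTokenFilter.setAuthenticationFailureHandler(new JwtAuthenticationFailureHandler());
        return authenticationTokenFilter;
    }
}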