SpringSecurity多个配置

时间:2018-08-23 06:09:42

标签: java spring spring-security configuration

在Spring Security中,我想要3种特殊URL的配置。主配置类中的每个此类都用@EnableWebSecurity注释。不幸的是,通过输入地址/login/refreshtoken,它们都会触发自己的过滤器。我应该如何限制每个人照顾自己?

第一个配置:

    @Configuration
@Order(1)
public static class refreshTokenFilter extends WebSecurityConfigurerAdapter{


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/login/refreshtoken")
                .csrf().disable()
                .cors().and()
                .authorizeRequests()
                .antMatchers("/login/refreshtoken").permitAll()
                .and().addFilterAfter(refreshTokenFilter(),UsernamePasswordAuthenticationFilter.class);
    }
    @Bean
    public RefreshTokenFilter refreshTokenFilter(){
        return new RefreshTokenFilter();
    }
}

第二个:

@Configuration
@Order(2)
public static class loginFilter extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .antMatcher("/login").authorizeRequests()
                .antMatchers("/login").permitAll()
                .and().addFilterBefore(loginFilter(),UsernamePasswordAuthenticationFilter.class);
    }
    @Bean
    public LoginFilter loginFilter(){
        return new LoginFilter();
    }
}

第三个:

    @Configuration
    @Order(3)
    public static class endpointsFilter extends  WebSecurityConfigurerAdapter{


 @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/twitter/**").antMatcher("/instagram/**")
                    .csrf().disable()
                    .cors()
                    .and().rememberMe().disable()
                    .authorizeRequests()
                    .antMatchers(HttpMethod.GET,"/twitter/**","/instagram/**").permitAll()
                    .antMatchers(HttpMethod.GET, AUTH_WHITELIST).permitAll()
                    .and().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
                    .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and().requestCache().disable()
                    .logout().and()
                    .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);

        }

0 个答案:

没有答案