Spring Security WebSecurityConfigurerAdapter配置

时间:2019-02-01 00:06:02

标签: spring-boot spring-security pre-authentication

我有一个具有以下2个端点的简单Spring Boot应用程序:

  • int:需要Shibboleth SSO和&授权角色
  • ext:无需SSO,无需授权

我已经实现了PreAuthenticationFilter以便与SSO一起使用。下边是 配置不起作用:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .authorizeRequests()
                .antMatchers("/ext/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .authorizeRequests()
                .and()
            .addFilter(preAuthenticationFilter());
    }
}

PreAuthenticationFilter是否应该绕过/ext端点?但是,以上配置强制两个端点都转到PreauthenticationFilter。也尝试过

web.ignoring().antMatchers("/ext/**")

无济于事。

这是我程序的其余部分:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/ext/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .authorizeRequests()
                .and()
            .addFilter(preAuthenticationFilter());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        //web.ignoring().antMatchers("/ext/**");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        PreAuthenticatedAuthenticationProvider authenticationProvider = new PreAuthenticatedAuthenticationProvider();
        authenticationProvider.setPreAuthenticatedUserDetailsService(new ShibbolethUserDetailsService());
        auth.authenticationProvider(authenticationProvider);
    }

    @Bean
    RequestHeaderAuthenticationFilter preAuthenticationFilter() throws Exception {
        ShibbolethRequestHeaderAuthenticationFilter filter = new ShibbolethRequestHeaderAuthenticationFilter();
        filter.setAuthenticationManager(authenticationManager());       
        return filter;
    }

0 个答案:

没有答案