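Multiple entry points in Spring Security

Time: 2019-02-05 19:17:28

Tags: spring

I have a Spring Boot application that should allow form-based authentication against a database as well as SSO CAS-based authentication.

I started by following the example here (https://www.baeldung.com/spring-security-multiple-entry-points), and it seems to me that Order is not working as expected. It always uses the one annotated with Order(1) as the entry point.

Here is my code,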

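import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;

@Configuration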
@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @Order(2)
    public static class WebSecurityCASConfig extends WebSecurityConfigurerAdapter {
        public WebSecurityCASConfig() {
            super();
        }

        @Autowired 
        private AuthenticationEntryPoint authenticationEntryPoint;



        @Override
        protected void configure(HttpSecurity http) throws Exception {

            http

            .authorizeRequests()
            .antMatchers(
                    "/js/**",
                    "/css/**",
                    "/images/**").permitAll()
            .regexMatchers("/login1")
            .authenticated()
            .and()
            .authorizeRequests()
            .and()
            .httpBasic()
            .authenticationEntryPoint(authenticationEntryPoint);


        }


    }



    //second

    @Configuration
    @Order(1)
    public static class WebSecurityDatabaseConfig extends WebSecurityConfigurerAdapter {

        public WebSecurityDatabaseConfig() {
            super();
        }

        @Autowired
        UserDetailServiceImpl userDetailsService;

        @Autowired   
        BCryptPasswordEncoder passwordEncoder;




        @Autowired
        public void configure(AuthenticationManagerBuilder auth) throws Exception { 

            auth.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder);   

        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
            .authorizeRequests()
            .antMatchers(
                    "/js/**",
                    "/css/**",
                    "/images/**").permitAll()
            //.antMatchers("/catalog").access("hasAnyRole('ROLE_USER', 'ROLE_ADMIN')")
            ////.antMatchers("/login1").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .defaultSuccessUrl("/catalog", true)
            .permitAll()
            .usernameParameter("username")
            .passwordParameter("password")
            .and()
            .logout()
            .permitAll()
            .logoutUrl("/logout").logoutSuccessUrl("/logout")
            .and().exceptionHandling().accessDeniedPage("/403");


        }
    }

}


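I want both configurations to work based on URL patterns. Any solution/help/suggestion would be greatly appreciated. Thank you.

1 Answer:

Answer 0: (score: 0)

I found a solution for this. I simply followed what the Spring documentation says in 5.9 (https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/htmlsingle/), along with another question on Stack Overflow, Spring Security : Multiple HTTP Config not working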
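
The following added example is not from the original question or answer, and is not the Spring documentation's own code. It assumes Spring Security 5.x with WebSecurityConfigurerAdapter and shows how scoping the @Order(1) configuration with http.antMatcher(...) keeps it from handling every request. The class names are hypothetical, the /login1 path and the AuthenticationEntryPoint bean come from the question, and the CAS filter and user-details wiring are assumed to be configured as in the question.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.AuthenticationEntryPoint;

@Configuration
@EnableWebSecurity
public class ScopedSecurityConfig { // hypothetical class name

    // Chains are tried in ascending @Order; the first whose matcher accepts the request handles it.
    // Without antMatcher(...) a chain matches every URL and shadows all later ones.
    @Configuration
    @Order(1)
    public static class CasChainConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private AuthenticationEntryPoint authenticationEntryPoint; // CAS entry point bean, assumed defined elsewhere

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/login1/**") // scope this chain to the CAS-protected URLs only
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .exceptionHandling()
                    .authenticationEntryPoint(authenticationEntryPoint);
        }
    }

    // Catch-all chain: no antMatcher, so it must carry the highest order value.
    @Configuration
    @Order(2)
    public static class FormChainConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/js/**", "/css/**", "/images/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .permitAll();
        }
    }
}
```

When reviewing a setup like this, check that every configuration except the last one calls antMatcher(...) or requestMatchers(...); an unscoped chain with a lower order value means the authorization rules in later chains are never evaluated.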