我希望根据我输入的网址输入两种不同的http配置。例如,当我输入“ localhost:8080 / HQ / test_web”时,我希望此配置进入。
@Configuration
@Order(1)
public static class FirstWaveFilters extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/HQ/test_web/**").anonymous().and().addFilterBefore(new CustomFilter(),BasicAuthenticationFilter.class);
}
}
但是,如果还有其他要求,我希望此配置可以使用:
@Configuration
@Order(2)
public static class SecondWaveFilters extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers("/h2-console/**").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()))
// this disables session creation on Spring Security
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().antMatchers("/**").permitAll();
http.csrf().disable();
http.headers().frameOptions().disable();
}
}
我将它们设置为与Spring Security文档建议的类相同的类:
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
private UserDetailsServiceImpl userDetailsService;
private BCryptPasswordEncoder bCryptPasswordEncoder;
public WebSecurity(UserDetailsServiceImpl userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
this.userDetailsService = userDetailsService;
this.bCryptPasswordEncoder = bCryptPasswordEncoder;
}
@Configuration
@Order(1)
public static class FirstWaveFilters extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/HQ/test_web/**").anonymous().and().addFilterBefore(new CustomFilter(),BasicAuthenticationFilter.class);
}
}
@Configuration
@Order(2)
public static class SecondWaveFilters extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers("/h2-console/**").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
.anyRequest().authenticated()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()))
// this disables session creation on Spring Security
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().antMatchers("/**").permitAll();
http.csrf().disable();
http.headers().frameOptions().disable();
}
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
return source;
}
}
但是它似乎不起作用。无论我输入什么URL,都只会调用CUSTOMFILTER(),因此只会调用第一个配置。基本上我想实现的是,如果用户输入第一个URL,我希望那个customfilter()成为请求必须经过的过滤器,如果有其他任何URL,我希望它进入第二个配置,并且两个定义为请求必须经过的过滤器。为什么这不起作用?
答案 0 :(得分:0)
http.antMatcher(...)-表示在满足http中的模式的情况下,应用此antMatcher和此处配置的所有内容。
http.authorizeRequests()...-定义您的权限,如果用户点击该端点,则应具有“ ADMIN”,“ logged”等内容。
在您的FirstWaveFilters中,您必须以http开始http.antMatcher():
http.antMatcher("/HQ/test_web/**");
http.authorizeRequests().antMatchers("/HQ/test_web/**").anonymous()
.and()
.addFilterBefore(new CustomFilter(),BasicAuthenticationFilter.class);
如果您未添加http.antMatcher(...);,则http将拦截所有网址,并且将永远无法访问SecondWaveFilters。
http.authorizeRequests().antMatchers("/HQ/test_web/**").anonymous()-表示任何匿名用户都可以命中/HQ/test_web/**,但并不是说“ FirstWaveFilters时应用/HQ/test_web/**”就意味着任何{{ 1}}可能是匿名的。