我已经开发了一个使用auth2 spring安全性和spring boot的身份验证服务器。我想基于两个url更改两个身份验证提供程序。因此我尝试了以下代码,并且在授权客户端时需要完全身份验证才能访问此资源错误。我想限制url特定身份验证提供程序,而/ login,/ authorize和/ exit允许所有人登录(不需要登录系统) 请帮助我解决这个问题,并指导我如何正确使用authorizeRequests()。antMatchers和.antMatcher吗?
@EnableResourceServer
@EnableWebSecurity
public class WebSecurityConfig{
@Autowired
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Configuration
@Order(1)
public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("@order");
http.csrf().disable() .antMatcher("http://localhost:8080/main/**")
.authorizeRequests().antMatchers("/","/login*", "/oauth/authorize**","/exit","**/logout")
.permitAll()
.and().authenticationProvider(daoInternalAuthenticationProvider())
;
}
@Bean
public AuthenticationProvider daoInternalAuthenticationProvider() throws Exception {
return new CustomInternalAuthenticationProvider();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/*.css");
web.ignoring().antMatchers("/*.js");
}
}
@Configuration
@Order(2)
public static class ApiTokenSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("default");
http.csrf().disable() .antMatcher("http://localhost:8080/user/**")
.authorizeRequests().antMatchers("/","/login*", "/oauth/authorize**","/exit","**/logout")
.permitAll()
.and().authenticationProvider(daoExternalAuthenticationProvider())
;
}
@Bean
public AuthenticationProvider daoExternalAuthenticationProvider() throws Exception {
return new CustomExternalAuthonticationProvider();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/*.css");
web.ignoring().antMatchers("/*.js");
}
}
}