我使用 Spring Boot 和 Spring Security 实现了一种机制,该机制在前端每次调用方法时都会调用 Identity Manager(IdM)。但这带来了一个问题:我们担心过多的请求会使 IdM 过载。因此,我在考虑是否有一种办法,不是在每次调用时都检查令牌,而是每隔一段时间检查一次。
/**
 * Resource-server security rules for the URL pattern held in the {@code antPatterns} property.
 *
 * <p>When {@code statistiche.security.enabled} is {@code true} (also the default when the
 * property is absent), every request matching {@code antPatterns} must be authenticated.
 * When it is {@code false}, every request matching {@code antPatterns} is permitted.
 *
 * <p>NOTE(review): how, and how often, a token is checked against the identity manager is
 * not configured in this class. If check results are cached to reduce load on the identity
 * manager, a token revoked there stays accepted until the cached entry expires, so that
 * lifetime should be short and never longer than the token's own expiry.
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    // NOTE(review): injected as one String and passed on as a single pattern; a
    // comma-separated value would not be split here - confirm it holds one pattern.
    @Value("${antPatterns}")
    private String antPatterns;

    // NOTE(review): setting this to false opens every endpoint under antPatterns; make
    // sure production deployments cannot pick up that value unintentionally.
    @Value("${statistiche.security.enabled:true}")
    private boolean securityEnabled;

    /** Registers a {@link RequestContextListener} bean. */
    @Bean
    public RequestContextListener requestContextListener() {
        return new RequestContextListener();
    }

    /** Registers {@code AuthoritiesSSOExtractor} as the {@link AuthoritiesExtractor} bean. */
    @Bean
    public AuthoritiesExtractor authoritiesExtractor() {
        return new AuthoritiesSSOExtractor();
    }

    /** Registers a {@link PrincipalSSOExtractor} bean. */
    @Bean
    public PrincipalSSOExtractor principalExtractor() {
        return new PrincipalSSOExtractor();
    }

    /**
     * Configures the resource-server filter chain for {@code antPatterns}.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Anonymous authentication is switched off in both modes.
        http.anonymous().disable();

        if (!securityEnabled) {
            // Security switched off: everything under antPatterns is permitted.
            // NOTE(review): with anonymous authentication disabled, confirm that
            // permitAll() really lets unauthenticated requests through as intended.
            http.antMatcher(antPatterns).authorizeRequests().anyRequest().permitAll();
            return;
        }

        // PRODUCTION: limit this chain to antPatterns and require authentication there.
        http.requestMatchers().antMatchers(antPatterns)
            .and()
            .authorizeRequests().antMatchers(antPatterns).authenticated()
            .and()
            .exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }
}
/**
 * Web security configuration, loaded only when {@code statistiche.security.enabled} is
 * {@code true} or missing (see the {@link ConditionalOnProperty} on this class).
 *
 * <p>Requests to {@code /actuator/**} and all {@code OPTIONS} requests are ignored by
 * Spring Security; requests matching {@code antPatterns} must be authenticated.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ConditionalOnProperty(name = "statistiche.security.enabled", havingValue = "true", matchIfMissing = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // NOTE(review): injected as one String and passed on as a single pattern; a
    // comma-separated value would not be split here - confirm it holds one pattern.
    @Value("${antPatterns}")
    private String antPatterns;

    @Value("${statistiche.security.enabled:true}")
    private boolean securityEnabled;

    /**
     * Returns the superclass's {@link AuthenticationManager}; declared {@code public} here.
     *
     * @throws Exception if the superclass cannot provide the manager
     */
    @Override
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    /**
     * Excludes actuator endpoints and all {@code OPTIONS} requests from Spring Security.
     *
     * @param web the web security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // NOTE(review): ignored requests skip the security filters entirely, so every
        // exposed actuator endpoint is reachable without authentication. Confirm that
        // only non-sensitive endpoints are exposed, or protect them by other means.
        web.ignoring().antMatchers("/actuator/**");
        web.ignoring().mvcMatchers(HttpMethod.OPTIONS, "/**");
    }

    /**
     * Requires authentication for {@code antPatterns} when security is enabled; otherwise
     * permits every request matching {@code antPatterns}.
     *
     * @param http the security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        if (!securityEnabled) {
            // NOTE(review): this class is only loaded when the property is "true" or
            // missing, so this permit-all branch looks unreachable - confirm and remove.
            http.antMatcher(antPatterns).authorizeRequests().anyRequest().permitAll();
            return;
        }

        http.anonymous().disable();
        // NOTE(review): disabling CSRF protection assumes no cookie- or session-based
        // authentication reaches these endpoints - confirm.
        http.csrf().disable();
        // NOTE(review): only antPatterns gets an authorization rule; there is no
        // anyRequest() rule for other URLs - confirm that is intended.
        http.authorizeRequests().antMatchers(antPatterns).authenticated();
        // A JwtAuthenticationFilter registration was commented out at this point.
        http.exceptionHandling().authenticationEntryPoint(getRestAuthenticationEntryPoint());
    }

    /** Registers {@code RestAuthenticationEntryPoint} as the {@link AuthenticationEntryPoint} bean. */
    @Bean
    AuthenticationEntryPoint getRestAuthenticationEntryPoint() {
        return new RestAuthenticationEntryPoint();
    }

    /**
     * Registers a {@link SimpleUrlAuthenticationFailureHandler} bean; nothing in this class
     * wires it into the HTTP configuration.
     */
    @Bean
    AuthenticationFailureHandler authenticationFailureHandler() {
        return new SimpleUrlAuthenticationFailureHandler();
    }
}