针对不同网址的不同身份验证

时间:2020-03-24 18:57:20

标签: spring-security

我正在尝试为/basic url实现http基本身份验证,为/user url实现基于表单的身份验证:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Bean
    public PasswordEncoder passwordEncoder() {

        return NoOpPasswordEncoder.getInstance();
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.inMemoryAuthentication()
                .withUser("user")
                .password("user")
                .roles("USER")
                .and()
                .withUser("admin")
                .password("admin")
                .roles("ADMIN")
        ;

    }


    @Configuration
    @Order(1)
    public static class C1 extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/basic/**")
                    .authorizeRequests(authorize -> authorize
                            .anyRequest().hasRole("ADMIN")
                    )
                    .httpBasic();

        }
    }

    @Configuration
    @Order(2)
    public static class C2 extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .antMatcher("/user/**")
                    .authorizeRequests(authorize -> authorize
                            .anyRequest().hasRole("USER")
                    )
                    .formLogin();

        }
    }

}

问题是,当我转到/basic URL并在弹出窗口中提供admin/admin凭据时,我被立即重定向到另一个页面-默认的Spring Security登录表单。为什么,以及如何纠正呢?

0 个答案:

没有答案
相关问题
最新问题