我使用具有 spring 安全性的 spring boot 2.4.6。
实际上我们使用的是 oauth 2
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
return jwtAuthenticationConverter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues())
.and() // (1)
.authorizeRequests()
.antMatchers("/actuator/**").permitAll()
.antMatchers("/v2/api-docs").permitAll()
.anyRequest().authenticated() // (2)
.and()
.oauth2ResourceServer().jwt() // (3)
.jwtAuthenticationConverter(jwtAuthenticationConverter());
}
}
对于某些端点,我需要支持登录名/密码。 有没有办法做到这一点?
答案 0 :(得分:1)
您可以设置多个 HttpSecurity 实例,每个实例匹配一个或多个路径并实现不同的身份验证方案。您可以将它们添加为从 import cv2
import numpy as np
all_camera_idx_available = []
for camera_idx in range(10):
cap = cv2.VideoCapture(camera_idx)
if cap.isOpened():
print(f'Camera index available: {camera_idx}')
all_camera_idx_available.append(camera_idx)
cap.release()
扩展的单独内部类。有关详细信息和示例,请参阅 docs。
如果订单很重要,请确保包含 WebSecurityConfigurerAdapter
。在您提供的示例中,配置是通用的并且匹配所有请求,因此它应该是 @Order
。附加配置将是 @Order(2)
并以 @Order(1)
或类似内容开头。