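How can I combine Spring HTTP Basic authentication and access tokens so that both work at the same time? In my case, only the configuration with Order(1) works.
I want all */API/** to be accessible only to users with a token, and */web/** to be accessible only to logged-in users.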
WebSecurityConfig.java
    @Configuration
    @EnableWebMvcSecurity
    @Order(1)
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailsService userDetailsService;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Form login for the web pages; /gopr is the post-login landing page.
            http
                .authorizeRequests().antMatchers("/web/**", "/gopr").authenticated()
                .and()
                .authorizeRequests()
                .and()
                .formLogin().loginPage("/login").permitAll()
                .defaultSuccessUrl("/gopr", true).permitAll()
                .and()
                .logout().logoutSuccessUrl("/login").permitAll();
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService);
        }
    }
Application.java
    @SpringBootApplication
    @EnableResourceServer
    @Order(2)
    public class Application {

        public static void main(String[] args) {
            SpringApplication.run(Application.class, args);
        }

        // OAuth2 authorization server: issues the access tokens.
        @Configuration
        @EnableAuthorizationServer
        protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {

            @Autowired
            private AuthenticationManager authenticationManager;

            @Override
            public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
                endpoints.authenticationManager(authenticationManager);
            }

            @Override
            public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
                // @formatter:off
                clients.inMemory()
                    .withClient("my-trusted-client")
                    .authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit", "client_credentials")
                    .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                    .scopes("read", "write", "trust")
                    .resourceIds("oauth2-resource")
                    .secret("password")
                    .accessTokenValiditySeconds(600);
                // @formatter:on
            }
        }

        // OAuth2 resource server: token-protected API.
        @Configuration
        @EnableResourceServer
        protected static class ResourceServer extends ResourceServerConfigurerAdapter {

            @Override
            public void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests()
                    .antMatchers("/web/**", "/login", "/index", "/").permitAll()
                    .antMatchers("/API/**").authenticated();
                /* antMatchers("/web/**","/gopr").permitAll().antMatchers("/API/**").authenticated(); */
            }
        }
    }
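Best answer: Always use 'requestMatchers()' when creating security filters. That way, when multiple filter chains are created, the first filter chain will not be used. Modify your WebSecurityConfig.java to: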
    @Configuration
    @EnableWebMvcSecurity
    @Order(1)
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        ...
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // Scope this filter chain to the web paths only.
                .requestMatchers().antMatchers("/web/**", "/gopr")
                .and()
                .authorizeRequests().antMatchers("/web/**", "/gopr").authenticated()
                .and()
                .formLogin().loginPage("/login").permitAll()
                .defaultSuccessUrl("/gopr", true).permitAll()
                .and()
                .logout().logoutSuccessUrl("/login").permitAll();
        }
        ...
    }
And your ResourceServer inner class:
    @Configuration
    @EnableResourceServer
    protected static class ResourceServer extends ResourceServerConfigurerAdapter {
        ...
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                // Scope this filter chain to the token-protected API paths only.
                .requestMatchers().antMatchers("/API/**")
                .and()
                .authorizeRequests().antMatchers("/API/**").authenticated();
        }
    }
Reference: https://github.com/royclarkson/spring-rest-service-oauth/issues/11
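
Why only the Order(1) configuration took effect, shown as an added example that is not part of the original question or answer and is not Spring's own code: a simplified, JDK-only model (Java 16+) of first-match filter chain selection. The class name `ChainSelectionDemo`, the `Chain` record, the `ant` and `select` helpers, the chain names and the sample request paths are all hypothetical, and the unscoped chains are modelled as matching any request.

```java
import java.util.*;
import java.util.function.Predicate;

// Simplified model (not Spring code): chains are tried in order and the
// FIRST chain whose request matcher accepts the path handles the request;
// later chains are never consulted for it.
public class ChainSelectionDemo {

    record Chain(String name, int order, Predicate<String> matcher) {}

    // Minimal stand-in for antMatchers(): "/x/**" matches "/x" and anything
    // under "/x/"; any other pattern must match the path exactly.
    static Predicate<String> ant(String... patterns) {
        return path -> Arrays.stream(patterns).anyMatch(p -> {
            if (!p.endsWith("/**")) return path.equals(p);
            String base = p.substring(0, p.length() - 3);
            return path.equals(base) || path.startsWith(base + "/");
        });
    }

    static String select(List<Chain> chains, String path) {
        return chains.stream()
            .sorted(Comparator.comparingInt(Chain::order))
            .filter(c -> c.matcher().test(path))
            .map(Chain::name)
            .findFirst()
            .orElse("no chain");
    }

    public static void main(String[] args) {
        // Question's setup: no requestMatchers(), modelled as "match any request".
        List<Chain> before = List.of(
            new Chain("formLogin", 1, path -> true),
            new Chain("resourceServer", 2, path -> true));
        // Answer's setup: each chain scoped with requestMatchers().antMatchers(...).
        List<Chain> after = List.of(
            new Chain("formLogin", 1, ant("/web/**", "/gopr")),
            new Chain("resourceServer", 2, ant("/API/**")));

        // Constructed sample request paths.
        for (String path : List.of("/web/home", "/gopr", "/API/users", "/login")) {
            System.out.printf("%-11s before=%-15s after=%s%n",
                path, select(before, path), select(after, path));
        }
    }
}
```

In this model `/login` falls outside both scoped chains; any path whose filters must run has to be covered by that chain's `requestMatchers()`.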