Authentication: Spring Security basic authentication for a single path next to token authentication

I have a custom ResourceServerTokenServices:

@Configuration
public class CloudSecurityConfig {
    @Bean
    protected MyResourceServerTokenServices tokenServices() {
        return new MyResourceServerTokenServices();
    }
}
Then I have the following in a ResourceServerConfigurerAdapter:

@Configuration
@EnableWebSecurity
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityResourceConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

        http.authorizeRequests().accessDecisionManager(accessDecisionManager())
            .antMatchers("/h2-console/**").anonymous()
            .antMatchers("/health/**").permitAll()
            .antMatchers("/v*/api-docs").permitAll().anyRequest()
            .authenticated().and().httpBasic().and().headers()
            .frameOptions().disable();
    }

    @Bean
    protected UnanimousBased accessDecisionManager() {
        List<AccessDecisionVoter<? extends Object>> voterList = new ArrayList<>();
        WebExpressionVoter expressionVoter = new WebExpressionVoter();
        expressionVoter.setExpressionHandler(new OAuth2WebSecurityExpressionHandler());
        voterList.add(expressionVoter);
        voterList.add(new AuthenticatedVoter());
        return new UnanimousBased(voterList);
    }
}
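An example may give you an idea: if you supply multiple authentication providers and one of them fails (token authentication), it will look for another provider (basic authentication).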
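
The provider fall-through the answer describes, as an added example that is not part of the original post: a minimal `ProviderManager` with two hypothetical providers (the class name, secrets and role names are constructed). It assumes spring-security-core on the classpath and simplifies both providers to the username/password token type. `ProviderManager` only moves on after an ordinary `AuthenticationException`; an `AccountStatusException` or `InternalAuthenticationServiceException` stops the chain.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;

public class ProviderFallbackDemo {
    // Hypothetical provider: accepts one constructed secret and grants one role.
    // Both instances support the token type that the HTTP Basic filter creates.
    static AuthenticationProvider provider(String secret, String role) {
        return new AuthenticationProvider() {
            @Override
            public Authentication authenticate(Authentication auth) {
                byte[] given = String.valueOf(auth.getCredentials()).getBytes(StandardCharsets.UTF_8);
                // Constant-time comparison of the presented secret.
                if (!MessageDigest.isEqual(given, secret.getBytes(StandardCharsets.UTF_8))) {
                    // A plain AuthenticationException lets ProviderManager try the next provider.
                    throw new BadCredentialsException("rejected by " + role + " provider");
                }
                return new UsernamePasswordAuthenticationToken(
                        auth.getName(), null, AuthorityUtils.createAuthorityList(role));
            }
            @Override
            public boolean supports(Class<?> type) {
                return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
            }
        };
    }

    public static void main(String[] args) {
        // Order matters: providers are consulted first to last.
        ProviderManager manager = new ProviderManager(Arrays.asList(
                provider("constructed-token-value", "ROLE_TOKEN"),
                provider("constructed-password", "ROLE_BASIC")));

        // Rejected by the first provider, accepted by the second.
        Authentication ok = manager.authenticate(
                new UsernamePasswordAuthenticationToken("ops", "constructed-password"));
        System.out.println(ok.getAuthorities());
        try {
            // Rejected by every provider: the last provider's exception is rethrown.
            manager.authenticate(new UsernamePasswordAuthenticationToken("ops", "wrong"));
        } catch (AuthenticationException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```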