同时使用java和xml配置的多个Http配置不起作用
我有一个应用程序,可以从java类加载默认的spring安全配置,并可以选择从外部文件导入附加配置,如下所示:同时使用java和xml配置的多个Http配置不起作用,java,spring,spring-security,Java,Spring,Spring Security,我有一个应用程序,可以从java类加载默认的spring安全配置,并可以选择从外部文件导入附加配置,如下所示: @Configuration @EnableWebSecurity @EnableAspectJAutoProxy @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true) @ImportResource("file:///${my.home.dir}\
@Configuration
@EnableWebSecurity
@EnableAspectJAutoProxy
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
@ImportResource("file:///${my.home.dir}\\conf\\security.xml")
public class WebSecurityConfiguration implements Serializable {
private static final long serialVersionUID = 6654777887140629668L;
@Configuration
@Order
public static class AnotherWebSecurityConfiguration extends WebSecurityConfigurerAdapter implements Serializable {
private static final long serialVersionUID = 4628321113541373781L;
public AnotherWebSecurityConfiguration() {
super();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(ignoredUrls); // we want to disable Spring Security for static resources.
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().antMatchers("/**").hasRole("USER").and().httpBasic().and().csrf().disable();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
}
外部文件包含以下内容:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- enable use-expressions -->
<http auto-config="true" pattern="/manage/app/**" authentication-manager-ref="anotherAuthenticationManager" use-expressions="true">
<intercept-url pattern="/manage/app/**" access="hasRole('ROLE_USER')" />
<http-basic />
</http>
<authentication-manager id="anotherAuthenticationManager">
<authentication-provider>
<user-service>
<user name="admin" password="admin2" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
在本例中,xml安全配置工作正常,但java配置被忽略
你能告诉我我在配置中做错了什么吗
请注意,我使用的是SpringSecurity 3.2
非常感谢。XML配置覆盖java配置-。我看不出你为什么要把它们混在一起,现在花点时间重写这篇文章可以节省你将来的时间:你可能可以使用http.antMatchers。。。使用和合并两个配置
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication();
}