如何使用Spring';什么是Java配置?
我有一个包含两种资源的web应用程序如何使用Spring';什么是Java配置?,java,spring,spring-security,spring-java-config,Java,Spring,Spring Security,Spring Java Config,我有一个包含两种资源的web应用程序 网页 网络服务 我希望使用一个身份验证提供商(即CAS)保护网页,并使用另一个身份验证提供商(即基本身份验证)保护web服务 我找到了一个可行的解决方案,但它使用XML,如果可能的话,我宁愿不使用XML配置 有Java配置解决方案吗?好吧,花了一段时间才弄明白怎么做 基本上,我将原始的安全配置类划分为3个独立的配置类 基本上我就是这样做的 主安全配置 @Configuration @Import({WebPageSecurityConfig.class,
- 网页
- 网络服务
有Java配置解决方案吗?好吧,花了一段时间才弄明白怎么做 基本上,我将原始的安全配置类划分为3个独立的配置类 基本上我就是这样做的 主安全配置
@Configuration
@Import({WebPageSecurityConfig.class, WebServiceSecurityConfig.class})
public class SecurityConfig {
}
网页的安全配置。。。(URL不以/service/**开头)
下面解释如何在文档中创建多个证券 像这样的东西应该有用
@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Resource private UserDetailsService userBasicAuthService;
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**")
.userDetailsService(userBasicAuthService)
.authorizeRequests()
.and()
.httpBasic();
}
}
@Configuration
public static class PagesWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Resource private UserDetailsService userCasService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/pages/**")
.userDetailsService(userCasService)
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
}
一个链接到一个潜在的解决方案总是受欢迎的,但请你这样做,你的同事用户将有一些想法,它是什么,为什么会在那里。始终引用重要链接中最相关的部分,以防无法访问目标站点或永久脱机。考虑到仅仅是一个指向外部站点的链接是一个可能的原因。
@Configuration
@Order(300)
@EnableWebMvcSecurity
public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(final AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().
withUser("admin").password("password").authorities(new SimpleGrantedAuthority("ROLE_WS_USER"));
}
@Override
public void configure(final HttpSecurity http) throws Exception {
http.csrf().disable();
http.
antMatcher("/service/**"). // only process URLs that begin with /service/
sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and(). // RESTful web services are stateless
addFilter(wsAuthenticationFilter()).exceptionHandling().authenticationEntryPoint(wsAuthenticationEntryPoint());
http.authorizeRequests().anyRequest().hasAuthority("ROLE_WS_USER"); // all requests are secured
}
// Web Service Security (BASIC Authentication)
@Bean
public BasicAuthenticationFilter wsAuthenticationFilter() throws Exception {
final BasicAuthenticationFilter wsAuthenticationFilter = new BasicAuthenticationFilter(authenticationManager(), wsAuthenticationEntryPoint());
return wsAuthenticationFilter;
}
@Bean
public BasicAuthenticationEntryPoint wsAuthenticationEntryPoint() {
final BasicAuthenticationEntryPoint wsAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
wsAuthenticationEntryPoint.setRealmName("My Realm");
return wsAuthenticationEntryPoint;
}
@Autowired
private Environment env;
}
@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Resource private UserDetailsService userBasicAuthService;
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/**")
.userDetailsService(userBasicAuthService)
.authorizeRequests()
.and()
.httpBasic();
}
}
@Configuration
public static class PagesWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Resource private UserDetailsService userCasService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/pages/**")
.userDetailsService(userCasService)
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
}