Java 基于Hippo CMS支持多个子网站的Spring安全配置
我正在尝试使用基于hippo cms插件的spring安全性。我已经在hippo内部创建了3个子网站,每个网站都有登录名。我应该如何配置spring-security-context.xml以支持多个子网站?所有子网站将使用相同的authenticationprovider。到目前为止,我已经配置了其中一个子网站Java 基于Hippo CMS支持多个子网站的Spring安全配置,java,spring,configuration,spring-security,hippocms,Java,Spring,Configuration,Spring Security,Hippocms,我正在尝试使用基于hippo cms插件的spring安全性。我已经在hippo内部创建了3个子网站,每个网站都有登录名。我应该如何配置spring-security-context.xml以支持多个子网站?所有子网站将使用相同的authenticationprovider。到目前为止,我已经配置了其中一个子网站 <beans:beans xmlns="http://www.springframework.org/schema/security"
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/beans/spring-lang-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- HTTP Security Configuration -->
<!-- HTTP Security Configuration -->
<http auto-config="true">
<intercept-url pattern="/css/**" />
<intercept-url pattern="/images/**" />
<intercept-url pattern="/binaries/**" />
<intercept-url pattern="/vop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
<form-login login-page="/vop"
default-target-url="/vop/vop-mysurvey-page"
always-use-default-target="true" />
<logout logout-url="/logout.jsp" logout-success-url="/vop"/>
</http>
<!--
Authentication Manager configuration with Hippo Repository based Authentication Provider configuration ('hippoAuthenticationProvider').
However, you can use any other authentication provider(s) if you don't need to authenticate users against Hippo Repository.
-->
<authentication-manager>
<authentication-provider ref="hippoAuthenticationProvider"/>
</authentication-manager>
<!--
Hippo Repository based Authentication Provider. This Authentication Provider provide authentication against Hippo Repository Security Store.
If you don't need to authenticate users against Hippo Repository, you don't have to include the following bean.
-->
<beans:bean id="hippoAuthenticationProvider"
class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider">
</beans:bean>
有什么想法吗?据我所知,spring安全框架基于servlet过滤器,其配置似乎与web应用程序上下文相关。因此,我认为目前不能在单个web应用程序上下文中承载多个spring安全上下文 据我所知,spring安全框架基于servlet过滤器,其配置似乎与web应用程序上下文相关。因此,我认为目前不能在单个web应用程序上下文中承载多个spring安全上下文 Spring security支持保护多个子网站。配置在一定程度上取决于您的子网站,无论它们是否使用单独的主机名 当您的子网站在同一主机名下运行时,您可以按如下方式进行配置:
<http pattern="/vop/**" ... >
...
</http>
<http pattern="/erop/**" ... >
...
</http>
...
...
<bean id="vopMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
<constructor-arg value="hasHeader('host','vop.com')"/>
</bean>
<bean id="eropMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
<constructor-arg value="hasHeader('host','erop.com')"/>
</bean>
<http request-matcher-ref ="vopMatcher" ... >
...
</http>
<http request-matcher-ref ="eropMatcher" ... >
...
</http>
...
...
<http pattern="/vop/**" ... >
...
</http>
<http pattern="/erop/**" ... >
...
</http>
...
...
<bean id="vopMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
<constructor-arg value="hasHeader('host','vop.com')"/>
</bean>
<bean id="eropMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
<constructor-arg value="hasHeader('host','erop.com')"/>
</bean>
<http request-matcher-ref ="vopMatcher" ... >
...
</http>
<http request-matcher-ref ="eropMatcher" ... >
...
</http>
...
...