Spring boot oauth2和基本身份验证
我使用带spring security的spring boot 2.4.6 实际上我们使用OAuth2Spring boot oauth2和基本身份验证,spring-boot,spring-security,Spring Boot,Spring Security,我使用带spring security的spring boot 2.4.6 实际上我们使用OAuth2 @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { private JwtAuthe
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private JwtAuthenticationConverter jwtAuthenticationConverter() {
JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
jwtGrantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
return jwtAuthenticationConverter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues())
.and() // (1)
.authorizeRequests()
.antMatchers("/actuator/**").permitAll()
.antMatchers("/v2/api-docs").permitAll()
.anyRequest().authenticated() // (2)
.and()
.oauth2ResourceServer().jwt() // (3)
.jwtAuthenticationConverter(jwtAuthenticationConverter());
}
}
对于某些端点,我需要支持登录/密码。
有没有办法做到这一点?您可以设置多个HttpSecurity实例,每个实例匹配一个或多个路径,并实现不同的身份验证方案。您可以将它们作为独立的内部类添加到
WebSecurityConfigurerAdapter
中。有关更多信息和示例,请参见
如果订单很重要,请确保包含一份@Order
。在您提供的示例中,配置是通用的,并且匹配所有请求,因此它应该是@Order(2)
。额外的配置将是@Order(1)
,并以http.antMatcher(“/some/path/**”)开始。formLogin()…
或类似的配置
注:类似(旧)问题和