Spring security Spring安全性在运行时更改URL列表
我需要在运行时为我的用例更改spring安全配置,在这个用例中,我需要维护一个包含URL和相应URL的XML。因此,我需要在运行时告诉spring新添加到XML中的URL,而不是阻止对这些公共URL的访问 我的启动配置如下所示Spring security Spring安全性在运行时更改URL列表,spring-security,spring-boot,Spring Security,Spring Boot,我需要在运行时为我的用例更改spring安全配置,在这个用例中,我需要维护一个包含URL和相应URL的XML。因此,我需要在运行时告诉spring新添加到XML中的URL,而不是阻止对这些公共URL的访问 我的启动配置如下所示 public static String[] PERMIT_ALL_URLS = new String[] { "/css/**", "/js/**", "/images/**", "/healthcheck.jsp", "/healthCheck", "
public static String[] PERMIT_ALL_URLS = new String[] { "/css/**", "/js/**", "/images/**", "/healthcheck.jsp", "/healthCheck",
"/healthcheck.xml", "/memberLogin.html", "/login.html","/wro/**","/*home.html", "/home.html","/auctions.html","/*auctions.html", "/upgrade-subscription", "/pages/**","/public/**", "/", "/Content/**","/CMS/Content/**","/saleListResultAllFrame/**"};
@Override
protected void configure(HttpSecurity http) throws Exception {
List<String> permitAllUrls = new ArrayList<>(Arrays.asList(PERMIT_ALL_URLS));
if (configDataManager.getAllRedirectUrlsMap() != null)
{
permitAllUrls.addAll(configDataManager.getAllRedirectUrlsMap().keySet());
}
String[] publicURLPatterns = permitAllUrls.toArray(new String[permitAllUrls.size()]);
_logger.info("Loading Spring Security Configurations - Public URLS - " + publicURLPatterns);
copartAuthenticationSuccessHandler.setDefaultTargetUrl("/doLogin.html");
http.exceptionHandling().authenticationEntryPoint(copartAuthenticationEntryPoint);
http.csrf().disable().headers().disable().sessionManagement().sessionFixation().none();
http.addFilterAfter(new RestTimoutRedirectFilter(), ExceptionTranslationFilter.class)
.addFilterAfter(copartPreAuthenticationFilter, AbstractPreAuthenticatedProcessingFilter.class)
.addFilterBefore(memberSiteCodeFilter, AnonymousAuthenticationFilter.class)
.addFilterBefore(memberSiteCodeFilter, AbstractPreAuthenticatedProcessingFilter.class)
.anonymous().authenticationFilter(new CopartAnonymousAuthenticationFilter());
http.authorizeRequests().antMatchers(loginUrl).access("isAnonymous() or isAuthenticated()")
.antMatchers(publicURLPatterns).permitAll().anyRequest().fullyAuthenticated().and()
.formLogin().loginProcessingUrl(loginUrl).loginPage(loginPage).permitAll().usernameParameter("username")
.passwordParameter("password").successHandler(copartAuthenticationSuccessHandler)
.failureUrl("/doLogin.html?result=error&error=authFailure").permitAll().and().logout()
.logoutUrl("/logout").invalidateHttpSession(true).logoutSuccessUrl("/doLogout.html?result=success")
.deleteCookies(Constants.AUCTION_COOKIE).permitAll();
http.portMapper().http(HTTP_PORT).mapsTo(HTTPS_PORT).http(HTTP_PORT1).mapsTo(HTTPS_PORT1);
}
publicstaticstring[]允许所有URL=newstring[]{/css/**,“/js/**”,“/images/**”,“/healthcheck.jsp”,“/healthcheck”,
“/healthcheck.xml”、“/memberLogin.html”、“/login.html”、“/wro/**”、“/*home.html”、“/home.html”、“/auctions.html”、“/upgrade subscription”、“/pages/**”、“/public/**”、“/”、“/Content/**”、“/CMS/Content/**”、“/salelistResultlFrame/**”);
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
List permitAllUrls=newarraylist(Arrays.asList(PERMIT_ALL_url));
if(configDataManager.getAllRedirectUrlsMap()!=null)
{
permitAllUrls.addAll(configDataManager.getAllRedirectUrlsMap().keySet());
}
String[]publicURLPatterns=permitAllUrls.toArray(新字符串[permitAllUrls.size()]);
_info(“加载Spring安全配置-公共URL-”+publicURLPatterns);
copartAuthenticationSuccessHandler.setDefaultTargetUrl(“/doLogin.html”);
http.exceptionHandling().authenticationEntryPoint(合作伙伴authenticationEntryPoint);
http.csrf().disable().headers().disable().sessionManagement().sessionFixation().none();
http.addFilterAfter(新的RestTimeOutRedirectFilter(),ExceptionTranslationFilter.class)
.addFilterAfter(copartPreAuthenticationFilter,AbstractPreAuthenticationdProcessingFilter.class)
.addFilterBefore(memberSiteCodeFilter,AnonymousAuthenticationFilter.class)
.addFilterBefore(memberSiteCodeFilter,AbstractPreAuthenticationdProcessingFilter.class)
.anonymous().authenticationFilter(新的合作伙伴AnonymousAuthenticationFilter());
http.authorizeRequests().antMatchers(loginUrl.access(“isAnonymous()或isAuthenticated()”)
.antMatchers(publicURLPatterns).permitAll().anyRequest().fullyAuthenticated()和()
.formLogin().loginProcessingUrl(loginUrl).loginPage(loginPage).permitAll().username参数(“用户名”)
.passwordParameter(“密码”).successHandler(copartAuthenticationSuccessHandler)
.failureUrl(“/doLogin.html?result=error&error=authFailure”).permitAll()和().logout()
.logoutUrl(“/logout”).invalidateHttpSession(true).logoutSuccessUrl(“/doLogout.html?result=success”)
.deleteCookies(Constants.AUCTION_COOKIE).permitAll();
http.portMapper().http(http\u-PORT).mapsTo(HTTPS\u-PORT).http(http\u-PORT1).mapsTo(HTTPS\u-PORT1);
}