Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/spring-boot/5.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
使用spring安全性的不同身份验证规则_Spring_Spring Boot_Spring Security - Fatal编程技术网
Fatal编程技术网
  • spring/
  • 使用spring安全性的不同身份验证规则

使用spring安全性的不同身份验证规则

spring spring-boot spring-security

使用spring安全性的不同身份验证规则,spring,spring-boot,spring-security,Spring,Spring Boot,Spring Security,我尝试在一个spring应用程序中为不同的url设置不同的身份验证规则 对于所有公共rest请求/rest/**我要设置基本身份验证,对于内部rest调用/internal/**我需要基于ip的访问,以便某些已定义的主机可以访问而无需身份验证 我尝试了以下设置: @Configuration @Order(1) public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter { protecte

我尝试在一个spring应用程序中为不同的url设置不同的身份验证规则

对于所有公共rest请求
/rest/**
我要设置基本身份验证,对于内部rest调用
/internal/**
我需要基于ip的访问,以便某些已定义的主机可以访问而无需身份验证

我尝试了以下设置:

@Configuration
@Order(1)
public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeRequests().antMatchers("rest/**").authenticated().and().httpBasic().and().csrf().disable();
    }

}

@Configuration
@Order(2)
public static class Api2WebSecurityConfig extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeRequests().antMatchers("/internal/**").access("hasIpAddress('100.100.100.100/16')").anyRequest().authenticated();
    }

}
但是,如果我从localhost调用内部端点,在经过大量尝试和错误后,我没有得到预期的403错误:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    http.authorizeRequests().antMatchers("/rest/**").authenticated().and().httpBasic().and().csrf().disable().authorizeRequests()
        .antMatchers("/internal/**").access("hasIpAddress('100.100.100.100/16')").anyRequest().permitAll().anyRequest().denyAll();
}