Spring Security with multiple endpoints


I am using HTTP Basic authentication for my web application. It has multiple endpoints. My requirement is to authenticate the user once and then access these different endpoints. Below is the current Spring Security configuration:

<context:component-scan base-package="com.test.security" />

<sec:http use-expressions="true">
    <sec:intercept-url pattern="/**" access="hasAnyRole('Admin','Data Operator','Data Collector')" />
    <sec:http-basic />
</sec:http>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider user-service-ref="myAuthenticationProvider">
        <sec:password-encoder ref="encoder" />
    </sec:authentication-provider>
</sec:authentication-manager>

<bean id="myAuthenticationProvider" class="com.test.security.MyUserDetailsService" />

<bean id="encoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
Below is the implementation of the authentication provider:

package com.test.security;

import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.test.business.objects.Adminrole;
import com.test.business.objects.Adminuser;
import com.test.business.repository.AdminroleRepository;
import com.test.repository.AdminuserRepository;

@Service
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
    private AdminuserRepository adminuserRepository;

    @Autowired
    private AdminroleRepository adminroleRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        // find admin user by user name
        List<Adminuser> adminUsers = adminuserRepository.findByUsername(username);
        if (adminUsers == null || adminUsers.isEmpty()) {
            // an unknown user must surface as UsernameNotFoundException (which Spring
            // Security maps to a failed login), not as an IndexOutOfBoundsException
            throw new UsernameNotFoundException("User not found");
        }
        Adminuser adminUser = adminUsers.get(0);

        // find admin roles by user
        List<Adminrole> adminRoles = adminroleRepository.getAdminRolesByUserId(adminUser.getUserid());

        // create the user details object (MyUserDetails wraps the user and its roles)
        return new MyUserDetails(adminUser, adminRoles);
    }

}

Why use HTTP Basic, since it is not secure? Also, don't use the MD5 password encoder, it is not secure; use BCrypt. Furthermore, your intercept-url says that every page starting from / must have a logged-in user. If that is the case, how will the user reach the login page, since the login page will be part of /**? Make sense? What do you mean by endpoints?
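A hardened version of the question's XML configuration that applies the two points made in the answer, as an added example and not code from the original question: the MD5 encoder is swapped for BCryptPasswordEncoder (Spring Security 3.1 and later accept a crypto PasswordEncoder in the password-encoder ref), and the HTTP Basic exchange is forced onto HTTPS with requires-channel, because Basic only base64-encodes the credentials and relies entirely on TLS to protect them. Bean ids and the role names are the ones from the question.

```xml
<context:component-scan base-package="com.test.security" />

<sec:http use-expressions="true">
    <!-- Same URL rule as before, but every matching request must arrive over HTTPS;
         a plain HTTP request is redirected to the HTTPS port instead of being served. -->
    <sec:intercept-url pattern="/**"
        access="hasAnyRole('Admin','Data Operator','Data Collector')"
        requires-channel="https" />
    <!-- Basic auth needs no login page, so the /** rule above is not a problem here;
         the client resends the Authorization header (or a session cookie) per request. -->
    <sec:http-basic />
</sec:http>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider user-service-ref="myAuthenticationProvider">
        <sec:password-encoder ref="encoder" />
    </sec:authentication-provider>
</sec:authentication-manager>

<bean id="myAuthenticationProvider" class="com.test.security.MyUserDetailsService" />

<!-- BCrypt: per-password salt and a tunable work factor. Stored hashes must be
     regenerated with BCryptPasswordEncoder.encode(); existing MD5 values will not match. -->
<bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
```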