标题翻译
Spring Security Configuration is not applied
问题
我有以下配置,需要为 /api/v1/** 端点配置 HTTPBasic 认证,并且我想为 /users/ 的 URL 模式配置 form 认证。当我按照以下配置运行时,Web 请求的配置正常工作,但 API 的配置却没有生效。没有应用任何安全性。我哪里做错了?
@Configuration@EnableWebSecuritypublic class WebSecurityConfig {@Order(1)@Configurationpublic static class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {@Beanpublic BCryptPasswordEncoder getBCryptPasswordEncoder() {return new BCryptPasswordEncoder();}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.antMatcher("/users/**").csrf().and().authorizeRequests().antMatchers("/resources/**", "/users/register", "/users/signup", "/users/confirm","/users/user-action", "/users/reset-password", "/confirm", "/webjars/**").permitAll().antMatchers("/users/**").hasRole("USER").anyRequest().authenticated().and().formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password");http.authorizeRequests().antMatchers("/api/v1/users/**").hasRole("USER").anyRequest().authenticated().and().httpBasic();}}}
英文翻译
I have the below configuration where i need to configure HTTPBasic authentication for /api/v1/** endpoints and i want to configure form authentication for /users/ url pattern. When i run with the below configuration, the configuration for web requests is working correctly but the configuration for API is not working. No security is being applied. Where am I going wrong?
@Configuration@EnableWebSecuritypublic class WebSecurityConfig {@Order(1)@Configurationpublic static class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {@Beanpublic BCryptPasswordEncoder getBCryptPasswordEncoder() {return new BCryptPasswordEncoder();}@Overrideprotected void configure(HttpSecurity http) throws Exception {http.antMatcher("/users/**").csrf().and().authorizeRequests().antMatchers("/resources/**", "/users/register", "/users/signup", "/users/confirm", "/users/user-action", "/users/reset-password", "/confirm", "/webjars/**").permitAll().antMatchers("/users/**").hasRole("USER").anyRequest().authenticated().and().formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password");http.authorizeRequests().antMatchers("/api/v1/users/**").hasRole("USER").anyRequest().authenticated().and().httpBasic();}}
答案1
得分: 3
我已经将您的代码与下面的配置一起使用:
@EnableWebSecuritypublic class SecurityConfiguration {public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.antMatcher("/api/v1/users/**").authorizeRequests().anyRequest().hasRole("USER").and().httpBasic();}}@Configuration@Order(2)public class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.csrf().and().authorizeRequests().antMatchers("/resources/**", "/users/register", "/users/signup", "/users/confirm","/users/user-action", "/users/reset-password", "/confirm", "/webjars/**").permitAll().antMatchers("/users/**").hasRole("USER").and().formLogin().usernameParameter("username").passwordParameter("password");}}}
查看关于Spring Security的文档以及示例代码此处。
英文翻译
I have put your code to work with this configuration bellow:
@EnableWebSecuritypublic class SecurityConfiguration {public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.antMatcher("/api/v1/users/**").authorizeRequests().anyRequest().hasRole("USER").and().httpBasic();}}@Configuration@Order(2)public class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.csrf().and().authorizeRequests().antMatchers("/resources/**", "/users/register", "/users/signup", "/users/confirm","/users/user-action", "/users/reset-password", "/confirm", "/webjars/**").permitAll().antMatchers("/users/**").hasRole("USER").and().formLogin().usernameParameter("username").passwordParameter("password");}}}
View docs for Spring Security and sample code here.
专注分享java语言的经验与见解,让所有开发者获益!
评论