英文:
How can I check outside of spring, eg in Nginx, if user was authenticated by spring @EnableWebSecurity
问题
在我的 Java Web 应用程序中,我使用标准的 Spring Boot 来进行安全性管理。
implementation 'org.springframework.boot:spring-boot-starter-security'
@EnableWebSecurity
class SecurityConfig(...) : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http.csrf().disable().httpBasic().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.sessionFixation().changeSessionId()
.and().authorizeRequests()
.antMatchers(*dennyPatterns).denyAll()
.antMatchers(*loginPatterns).permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage(loginUrl)
}
}
它在底层是如何工作的呢?
在反向代理(例如 Nginx)中,我如何检查请求是否由经过身份验证的用户发出?
英文:
In my java webapp I do security with standard spring-boot
implementation 'org.springframework.boot:spring-boot-starter-security'
@EnableWebSecurity
class SecurityConfig(...) : WebSecurityConfigurerAdapter() {
override fun configure(http: HttpSecurity) {
http.csrf().disable().httpBasic().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
.sessionFixation().changeSessionId()
.and().authorizeRequests()
.antMatchers(*dennyPatterns).denyAll()
.antMatchers(*loginPatterns).permitAll()
.anyRequest().authenticated()
.and().formLogin().loginPage(loginUrl)
}
}
How does it work under the hood?
How can I check in reverse proxy, eg Nginx, if request is made by an authenticated user?
答案1
得分: 0
你可以检查请求的响应代码,以验证请求是否有效。
英文:
Well you can check the response code of the request to verify that the request was valid.
专注分享java语言的经验与见解,让所有开发者获益!
评论