4
如何结合使用Spring HTTP基本认证和访问令牌两者同时工作?在我的情况下,只有订单(1)的配置确实有效。结合春季HTTP基本认证和访问令牌
我希望只有拥有令牌的用户才能访问所有*/api **/*,只有登录用户才能访问*/web **/*。
WebSecurityConfig.java
@Configuration
@EnableWebMvcSecurity
@Order(1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/web/**", "/gopr").authenticated().and().authorizeRequests()
.and()
.formLogin().loginPage("/login").permitAll()
.defaultSuccessUrl("/gopr", true).permitAll().and().logout().logoutSuccessUrl("/login").permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
}
Application.java
@SpringBootApplication
@EnableResourceServer
@Order(2)
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Configuration
@EnableAuthorizationServer
protected static class OAuth2Config extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
// @formatter:off
clients.inMemory()
.withClient("my-trusted-client")
.authorizedGrantTypes("password", "authorization_code", "refresh_token", "implicit", "client_credentials")
.authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
.scopes("read", "write", "trust")
.resourceIds("oauth2-resource")
.secret("password")
.accessTokenValiditySeconds(600);
// @formatter:on
}
}
@Configuration
@EnableResourceServer
protected static class ResourceServer extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/web/**", "/login", "/index", "/").permitAll()
.antMatchers("/api/**").authenticated();
/* antMatchers("/web/**", "/gopr").permitAll().antMatchers("/api/**").authenticated(); */
}
}
}