
我想弄清楚如何用 Spring Security 实现以下需求:某个 URL 允许通过用户名/密码访问,其他 URL 则按来源 IP 地址限制访问。

我需要允许外部访问 /webhooks/ 这个端点,但要用 HTTP Basic 用户名/密码来保护它。所有其他端点都必须限制访问,只对某些子网开放。

这是我目前写的代码。它不起作用:所有请求都被拒绝。

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.beans.factory.annotation.Value; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.PropertySource; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

/** 
* Created on 27 July 2016 @ 1:49 PM 
* Component for project "security" 
*
* Question listing: meant to protect "/webhooks/" with a username/password and to
* limit every other URL to a set of subnets. The rule chain in configure() does not
* express that; see the comments there.
*/ 
@Configuration 
@EnableWebSecurity 
@PropertySource("classpath:/test.properties") 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
    // Webhook credentials, injected from test.properties on the classpath.
    @Value("${test.webhooks.username}") 
    private String username; 
    @Value("${test.webhooks.password}") 
    private String password; 

    /**
     * Declares the URL authorization rules for this adapter's filter chain.
     *
     * @param http the builder the rules are registered on
     * @throws Exception if the builder rejects the configuration
     */
    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
       .authorizeRequests() 

         // Ant pattern without a wildcard: it matches the literal path "/webhooks/"
         // only, not paths below it. No httpBasic() (or any other login mechanism) is
         // configured in this chain, so nothing here can satisfy authenticated()
         // with the credentials registered in configureGlobal().
         .antMatchers("/webhooks/").authenticated() 
       .and().authorizeRequests() 
         // The same "/**" pattern is registered five times. A request is decided by a
         // single matching rule; the rules are not OR-ed together, so these lines do
         // not form a combined allow-list of subnets.
         // NOTE(review): which of the five attributes ends up in effect depends on how
         // the registry treats duplicate matchers - either way at most one of them
         // applies, which is consistent with "everything is denied".
         .antMatchers("/**").hasIpAddress("10.0.0.0/8") 
         .antMatchers("/**").hasIpAddress("172.16.0.0/16") 
         .antMatchers("/**").hasIpAddress("192.168.1.0/24") 
         // NOTE(review): 172.0.0.0/8 covers all of 172.x.x.x, most of which is public
         // address space; the RFC 1918 private block is 172.16.0.0/12. Confirm the
         // intended range before allow-listing it.
         .antMatchers("/**").hasIpAddress("172.0.0.0/8") 
         .antMatchers("/**").denyAll() 
     ; 

    } 

    /**
     * Registers one in-memory user built from the injected username and password and
     * grants it the role WEBHOOKS_ACCESS.
     *
     * @param authenticationManagerBuilder the builder the user is added to
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception { 
     authenticationManagerBuilder 
       .inMemoryAuthentication() 
         // The property value is handed to password() as-is and no PasswordEncoder is
         // configured in this listing, so the properties file holds the credential
         // in whatever form it is compared in - keep that file out of version control.
         .withUser(username).password(password).roles("WEBHOOKS_ACCESS") 
     ; 
    } 
} 

非常感谢任何帮助!我也不确定这样链式调用 antMatchers 是否正确。

回答


好的,我找到了实现方法。不确定这是不是“Spring 的方式”,但看起来可行。欢迎任何建议。

所以我的新类如下所示:

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.beans.factory.annotation.Value; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.PropertySource; 
import org.springframework.core.annotation.Order; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

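/**
 * Created on 27 July 2016 @ 1:49 PM
 * Component for project "security"
 *
 * <p>Declares two filter chains through nested adapters: an HTTP Basic chain for the
 * literal path "/webhooks/" ({@code @Order(1)}) and a source-address chain for every
 * other URL ({@code @Order(2)}). The lower order value is consulted first.
 *
 * <p>NOTE(review): this outer class also extends WebSecurityConfigurerAdapter without
 * overriding configure(HttpSecurity), so it presumably contributes a third, default
 * chain that the "/**" chain shadows - confirm whether the superclass is needed.
 */
@Configuration
@EnableWebSecurity
@PropertySource("classpath:/security.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // Webhook credentials, injected from security.properties on the classpath.
    @Value("${security.webhooks.username}")
    private String username;
    @Value("${security.webhooks.password}")
    private String password;

    /**
     * Chain for the externally reachable webhook endpoint: any source address, but the
     * caller must present HTTP Basic credentials carrying the role WEBHOOKS_ACCESS.
     */
    @Configuration
    @Order(1)
    public static class WebHookSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        /**
         * Configures the webhook chain.
         *
         * @param http the builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // "/webhooks/" has no wildcard, so this chain handles that literal path only.
            // Anything below it falls through to the address-restricted chain.
            http.antMatcher("/webhooks/")
                .authorizeRequests()
                    .anyRequest().hasRole("WEBHOOKS_ACCESS")
                    .and()
                // Basic credentials travel base64-encoded on every request. Nothing in
                // this configuration enforces HTTPS, so TLS has to be guaranteed elsewhere.
                .httpBasic()
                    .and()
                // CSRF protection is switched off for this chain only.
                // NOTE(review): appropriate if callers are non-browser clients - confirm.
                .csrf().disable();
        }
    }

    /**
     * Chain for all remaining URLs: access is granted purely on the request's source
     * address, with no user authentication.
     */
    @Configuration
    @Order(2)
    public static class InternalSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        // One expression so the ranges are OR-ed together.
        // hasIpAddress is checked against the remote address the servlet container
        // reports. Behind a reverse proxy or load balancer that is the proxy's address,
        // unless the container is set up to trust forwarded headers.
        // NOTE(review): 172.0.0.0/8 covers all of 172.x.x.x, most of which is public
        // address space, and it already contains 172.16.0.0/16. The RFC 1918 private
        // block is 172.16.0.0/12. Confirm the intended range before relying on it.
        private static final String INTERNAL_SOURCES =
            "hasIpAddress('10.0.0.0/8') or hasIpAddress('172.16.0.0/16')"
                + " or hasIpAddress('192.168.1.0/24') or hasIpAddress('172.0.0.0/8')"
                + " or hasIpAddress('127.0.0.1')";

        /**
         * Configures the internal chain.
         *
         * @param http the builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/**")
                .authorizeRequests()
                    .anyRequest()
                    .access(INTERNAL_SOURCES);
        }
    }

    /**
     * Registers one in-memory user built from the injected username and password and
     * grants it the role WEBHOOKS_ACCESS that the webhook chain requires.
     *
     * @param authenticationManagerBuilder the builder the user is added to
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        // The property value is handed to password() as-is and no PasswordEncoder is
        // configured in this listing. Keep the properties file out of version control.
        authenticationManagerBuilder
            .inMemoryAuthentication()
                .withUser(username).password(password).roles("WEBHOOKS_ACCESS");
    }
}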

这是我参考这份文档(this documentation)得出的。希望能帮到别人!