Combining basic authentication and form login for the same REST Api

前端未结

关注

 2  1410

鱼传尺愫 2020-12-01 04:44

Is there a way to set up basic authentication and form login for the same REST service? I\'d like to let logged in user trigger this service both through web browser after l

2条回答

孤城傲影 (楼主)

2020-12-01 05:08

I found out that the previous code snippet is not working in Spring Security 5 because of an issue in the CSRF filter in the Basic authentication filter chain. It is possible to make it work by disabling CSRF for Basic auth.

BTW the override of Basic auth by Form auth is because redirection to /error page which is caused by this CSRF filter issue.

        @Configuration
        @Order(1)
        public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
            protected void configure(HttpSecurity http) throws Exception {
                http.antMatcher("/api/**")
                    .authorizeRequests()
                    .anyRequest()
                    .hasRole("ADMIN")
                    .and()
                    .httpBasic()
                    .csrf().disable();
            }
        }

0 讨论(0)

查看其它2个回答