Spring Security multiple url ruleset not working together

后悔当初 2020-11-30 16:12

I have an HTTP Spring Security configuration that appears to work when I comment out each individual aspect, but it doesn't work when I combine the Spring Security rules tog

1 answer
  • 2020-11-30 16:18

    You override your previous matchers, see HttpSecurity.html#antMatcher:

    Invoking antMatcher(String) will override previous invocations of mvcMatcher(String)}, requestMatchers(), antMatcher(String), regexMatcher(String), and requestMatcher(RequestMatcher).

    and HttpSecurity.html#regexMatcher:

    Invoking regexMatcher(String) will override previous invocations of mvcMatcher(String)}, requestMatchers(), antMatcher(String), regexMatcher(String), and requestMatcher(RequestMatcher).

    If you want more than one configuration of HttpSecurity, see Spring Security Reference:

    We can configure multiple HttpSecurity instances just as we can have multiple <http> blocks. The key is to extend the WebSecurityConfigurationAdapter multiple times. For example, the following is an example of having a different configuration for URL’s that start with /api/.

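    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @EnableWebSecurity
    public class MultiHttpSecurityConfig {
      // Shared in-memory users, available to both HttpSecurity configurations below.
      // Spring Security 5+ needs a PasswordEncoder bean or an encoding prefix such as {noop} for these demo passwords.
      @Autowired
      public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
          auth
              .inMemoryAuthentication()
                  .withUser("user").password("password").roles("USER").and()
                  .withUser("admin").password("password").roles("USER", "ADMIN");
      }

      // Considered first because of @Order(1); applies only to URLs that start with /api/.
      @Configuration
      @Order(1)
      public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
          @Override
          protected void configure(HttpSecurity http) throws Exception {
              http
                  .antMatcher("/api/**")
                  .authorizeRequests()
                      .anyRequest().hasRole("ADMIN")
                      .and()
                  .httpBasic();
          }
      }

      // No @Order, so this is considered last; no matcher, so it handles every URL not under /api/.
      @Configuration
      public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

          @Override
          protected void configure(HttpSecurity http) throws Exception {
              http
                  .authorizeRequests()
                      .anyRequest().authenticated()
                      .and()
                  .formLogin();
          }
      }
    }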
    
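The override described in the answer, next to a single-chain alternative that uses the `requestMatchers()` method named in the quoted Javadoc. This is an added example, not code from the original answer or the Spring reference; the class names and the `/api/**` and `/internal/**` paths are hypothetical, and it assumes the same `WebSecurityConfigurerAdapter`-based Spring Security version as the code above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Constructed illustration: paths and class names are hypothetical.
public class MatcherOverrideExample {

    // Before: the second antMatcher(...) replaces the first, so this chain applies
    // only to /internal/**. Requests to /api/** are handled by whichever other
    // chain matches them. Not annotated with @Configuration: shown for comparison only.
    public static class OverriddenMatcherConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")
                .antMatcher("/internal/**")   // overrides the matcher set on the line above
                .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                .httpBasic();
        }
    }

    // After: requestMatchers() is called once and lists every pattern this chain
    // should cover, so /api/** and /internal/** both get the ADMIN rule and HTTP Basic.
    // Keep a lower-precedence catch-all chain for all remaining URLs.
    @Configuration
    @Order(1)
    public static class CombinedMatcherConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .requestMatchers()
                    .antMatchers("/api/**", "/internal/**")
                    .and()
                .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                .httpBasic();
        }
    }
}
```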