一直很困惑这种 Spring Security 链式的 HttpSecurity 该怎么配置,以下是笔记。
来自 Stack Overflow:
Java Code
// Fragment taken from inside a configure(HttpSecurity http) method.

// CSRF protection is switched off for every request handled by this chain. Combined with the
// session-based form login configured below, state-changing requests are then accepted
// without a CSRF token.
// NOTE(review): keep CSRF protection enabled unless every client is stateless — confirm.
http.csrf().disable();

// Rules are evaluated in declaration order: "/shutdown" is open to everyone, authenticated
// or not, and every other request requires an authenticated user.
// NOTE(review): if "/shutdown" stops the application, permitAll() leaves it reachable by
// unauthenticated callers — confirm this is intended.
http.authorizeRequests()
    .antMatchers("/shutdown").permitAll()
    .anyRequest().authenticated();

// Custom login page; the form posts to "/login" and a failed attempt returns to the same
// page. The trailing permitAll() opens the login-related URLs so that a user who is not
// yet authenticated can reach the form.
http.formLogin()
    .loginPage("/authentication.html")
    .loginProcessingUrl("/login")
    .failureUrl("/authentication.html")
    .permitAll();
自定义一个RequestMatcher
Java Code
/**
 * Limits this security configuration to requests accepted by
 * {@link OAuth2RequestedMatcher}; requests the matcher rejects are not handled here.
 */
@Override
public void configure(HttpSecurity http) throws Exception {
    // @formatter:off
    http.requestMatcher(new OAuth2RequestedMatcher());

    // Among the matched requests, "/api/**" is open to every caller and anything else
    // needs an authenticated user.
    // NOTE(review): permitAll() on "/api/**" means no authentication is demanded there even
    // though the request carries token material — confirm this is the intended rule.
    http.authorizeRequests()
        .antMatchers("/api/**").permitAll()
        .anyRequest().authenticated();
    // @formatter:on
}

/**
 * Matches requests that appear to carry an OAuth2 token, either in the
 * {@code Authorization} header or in an {@code access_token} request parameter.
 *
 * <p>Only the presence of the token material is checked here, never its validity.
 */
private static class OAuth2RequestedMatcher implements RequestMatcher {

    /**
     * @param request the incoming request
     * @return {@code true} when the {@code Authorization} header starts with "Bearer" or an
     *         {@code access_token} parameter is present; one of the two is enough
     */
    @Override
    public boolean matches(HttpServletRequest request) {
        final String authorizationHeader = request.getHeader("Authorization");

        // Case-sensitive prefix test: any header value beginning with "Bearer" matches,
        // while a lower-case "bearer" scheme does not.
        final boolean bearerHeaderPresent =
                authorizationHeader != null && authorizationHeader.startsWith("Bearer");

        // NOTE(review): a token passed as a request parameter may end up in URLs and access
        // logs; the Authorization header is the preferred carrier (RFC 6750).
        final boolean tokenParameterPresent = request.getParameter("access_token") != null;

        return bearerHeaderPresent || tokenParameterPresent;
    }
}
来自:http://www.cnblogs.com/davidwang456/p/4549344.html
匿名用户控制:
Java Code
/**
 * Sample configuration showing how to customize the anonymous user.
 *
 * <p>Note: {@code WebSecurityConfigurerAdapter} was deprecated in Spring Security 5.7 and
 * removed in 6.0; this sample targets the older API.
 */
@Configuration
@EnableWebSecurity
public class AnononymousSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Requires ROLE_USER for "/", enables the default form login and replaces the authority
     * given to anonymous users.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Only the exact path "/" is restricted; there is no anyRequest() rule, so this
        // configuration places no access rule on any other URL.
        http.authorizeRequests()
            .antMatchers("/").hasRole("USER");

        http.formLogin();

        // sample anonymous customization: unauthenticated requests get the authority
        // "ROLE_ANON" in place of the framework default.
        http.anonymous()
            .authorities("ROLE_ANON");
    }

    /**
     * Registers a single in-memory account with the USER role.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Demo credentials hard-coded in source; not suitable outside a sample.
        // NOTE(review): on Spring Security 5+ a plain-text password also needs an encoding
        // prefix or a PasswordEncoder — confirm against the version in use.
        auth.inMemoryAuthentication()
            .withUser("user")
            .password("password")
            .roles("USER");
    }
}
Java Code
/**
 * Sample with several {@code HttpSecurity} configurations, each limited to its own URL
 * pattern and ordered with {@code @Order}, all sharing one LDAP authentication provider.
 *
 * <p>Note: {@code WebSecurityConfigurerAdapter} was deprecated in Spring Security 5.7 and
 * removed in 6.0; this sample targets the older API.
 */
@Configuration
@EnableWebSecurity
public class MultiHttpSecurityConfig {

    /**
     * Builds an LDAP bind-authentication provider and registers it with the shared
     * {@code AuthenticationManagerBuilder}.
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): plain ldap:// carries the manager bind and the user binds
        // unencrypted; that is tolerable on loopback only. The manager DN and password are
        // hard-coded here — load them from external configuration outside of a sample.
        DefaultSpringSecurityContextSource ldapContext =
                new DefaultSpringSecurityContextSource("ldap://127.0.0.1:389/dc=mycompany,dc=com");
        ldapContext.setUserDn("cn=admin,dc=mycompany,dc=com");
        ldapContext.setPassword("admin");
        ldapContext.afterPropertiesSet();

        // Users are authenticated by binding as uid=<login>,ou=people under the base DN.
        BindAuthenticator bindAuthenticator = new BindAuthenticator(ldapContext);
        bindAuthenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});

        // Authorities come from the "cn" of entries under ou=groups that list the user
        // as uniqueMember.
        DefaultLdapAuthoritiesPopulator authoritiesPopulator =
                new DefaultLdapAuthoritiesPopulator(ldapContext, "ou=groups");
        authoritiesPopulator.setGroupRoleAttribute("cn");
        authoritiesPopulator.setGroupSearchFilter("uniqueMember={0}");

        AuthenticationProvider ldapProvider =
                new LdapAuthenticationProvider(bindAuthenticator, authoritiesPopulator);
        auth.authenticationProvider(ldapProvider);
    }

    /** First chain: covers "/index.jsp" only. */
    @Configuration
    @Order(1)
    public static class IndexSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            // No authorizeRequests() rules are declared, so this chain places no access
            // restriction on "/index.jsp"; it only configures anonymous authentication.
            http.antMatcher("/index.jsp");
            http.anonymous();
        }
    }

    /** Second chain: form login for everything under "/html/". */
    @Configuration
    @Order(2)
    public static class HtmlSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/html/**");

            // Only these two paths carry a rule; with no anyRequest() entry, other URLs
            // under "/html/" are not restricted by this chain.
            http.authorizeRequests()
                .antMatchers("/html/submit.jsp").hasRole("BLACK")
                .antMatchers("/html/forbidden.html").authenticated();

            // Login page, processing URL and failure URL are opened to unauthenticated users.
            http.formLogin()
                .loginPage("/html/login.jsp")
                .loginProcessingUrl("/html/login")
                .defaultSuccessUrl("/index.jsp")
                .permitAll();

            http.logout().logoutUrl("/html/logout");

            http.exceptionHandling().accessDeniedPage("/html/403.jsp");
        }

        @Override
        public void configure(WebSecurity web) {
            // Ignored paths skip the security filters entirely, so the authenticated() rule
            // declared for this same path in configure(HttpSecurity) never takes effect.
            // NOTE(review): confirm which of the two behaviours is intended.
            web.ignoring().antMatchers("/html/forbidden.html");
        }
    }

    /** Third chain: HTTP Basic for everything under "/ajax/". */
    @Configuration
    @Order(3)
    public static class AjaxSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/ajax/**");

            // Every request under "/ajax/" requires the RED role.
            http.authorizeRequests().anyRequest().hasRole("RED");

            // HTTP Basic sends the credentials with each request; serve this chain over TLS.
            http.httpBasic();
        }
    }
}
http://www.tuicool.com/articles/uqAR3m6