Spring Boot中的基本Auth + oAuth实现
我正在尝试在springboot中实现Basic Auth +
oAuth2,这意味着某些url在登录系统后应像传统方式一样工作,而某些应在AOuth2上工作。
就像我想允许访问SuperAdmin管理面板一样,URL从
/ superAdmin / ****
我只想在一般登录系统后访问所有这些URL。
和REST服务应该在带有URL开始表格的AOuth2上工作
/ api / vi / ****
这些网址用于授予申请人访问权限。
两者都可以正常工作,但两者都不能正常工作。
这是我的配置。
import in.kpis.tracking.configuration.CustomAuthenticationSuccessHandler;import in.kpis.tracking.service.AdminUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
@Configuration
public class OAuth2ServerConfiguration {
protected static final String RESOURCE_ID = "restservice";
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
// @formatter:off
resources.resourceId(RESOURCE_ID);
// @formatter:on
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/api/v1/*").hasRole("ADMIN")
.antMatchers("/greeting").authenticated();
}
}
@Configuration
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Autowired
private AdminUserService adminUserService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(adminUserService);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
@Configuration
@Order(1)
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
String[] permitAll = new String[]{"/error"};
String[] permitToSuperAdmin = new String[]{
"/superAdmin/*",
};
http.authorizeRequests()
.antMatchers(permitToSuperAdmin).access("hasRole('SUPER_ADMIN')")
.antMatchers("/login").permitAll()
.and().formLogin().loginPage("/userLogin.html")
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/login")
.successHandler(new CustomAuthenticationSuccessHandler())
.and()
.logout().logoutSuccessUrl("/userLogin.html?logout")
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
http.csrf().disable();
}
}
}
回答:
伟大的问题为了将oAuth与spring
security结合使用,我认为没有任何办法可以使用它。您需要创建两个不同的项目,一个用于常规秒。一种是用于oAuth。
以上是 Spring Boot中的基本Auth + oAuth实现 的全部内容, 来源链接: utcz.com/qa/431980.html
