我正在尝试同时配置两个SecurityConfig。这个 SecurityConfig 需要keydove auth服务器上的oauth授权(嵌入在单独的spring应用程序中)。这个 OauthSecurityConfig 需要googleapi的oauth授权。两个配置都可以工作,当分别实现时(当我一次只定义一个配置时)。
现在,只有一个有效(用 @Order(1) ). 我正试图通过以下方式实现它们:
@EnableWebSecurity
public class MultiSecurityConfig {
@Configuration
@Order(1)
public static class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/auth/**")
.hasAnyAuthority("SCOPE_read", "SCOPE_write")
.anyRequest()
.permitAll()
.and()
.oauth2ResourceServer()
.jwt();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
return source;
}
}
@Configuration
public static class OauthSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/oauth/**")
.authenticated()
.anyRequest()
.permitAll()
.and()
.oauth2Login();
}
}
}我做错什么了?
1条答案
按热度按时间zpjtge221#
事实证明,要使多个securityconfig正常工作,必须在每个配置中定义“.antmatcher()”,如下所示: