此问题已在此处找到答案:
Spring Security :多个http配置不工作(2个答案)
两个月前关门了。
我正在通过扩展 WebSecurityConfigurerAdaptor 如下
@Configuration
@Order(100)
public class CustomerSecurityAppConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user1")
.password("{noop}password")
.and()
.withUser("user2")
.password("{noop}password")
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.cors().disable();
http
.authorizeRequests()
.antMatchers("/customers/**")
.anyRequest()
.authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
}
@Configuration
class EmployeeSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("admin")
.password("{noop}password")
.roles("USER", "ADMIN")
.and()
.withUser("user")
.password("{noop}password")
.roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.cors().disable();
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/inventory/**")
.hasAnyRole("USER", "ADMIN")
.antMatchers(HttpMethod.POST, "/inventory/**")
.hasRole("ADMIN")
.anyRequest()
.authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
}这里的想法是有两个 realms . 一个用于客户,一个用于订单。当我发出http请求时,我得到 200 OK 双方的回应 /inventory 及 /customers 已为配置用户的终结点 CustomerSecurityConfiguration 得到 401 为配置的两个用户都出现错误 EmployeeSecurityConfiguration 配置我有两个rest端点 inventory 及 customers 具有 GET 及 POST . 我哪里做错了?
1条答案
按热度按时间twh00eeo1#
我必须为http添加请求匹配器,如下所示