
How can I configure spring security for multiple servlets?

I would like to use spring security in a spring mvc application that consists of two modules -- a "frontend" and a management module. Both modules have their own dispatcher servlet (with different mappings) so they do have their own web context, but share the same root context.

The management module has its own authentication database and users should be able to log into the "frontend" and management module simultaneously with different credentials. Therefore I implemented two different UserDetailsServices.

I need two different AuthenticationManagers where both are responsible for different URLs, corresponding to the servlet mappings.

How can I configure such a setup? Is it possible using java config?

Edit: until now I have the following configuration, which allows me to authorize users for the management module. The "frontend" module's authentication / authorization using the autowired frontendUserDetailsService is still missing.

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    @Qualifier("frontend")
    private UserDetailsService frontendUserDetailsService;
    @Autowired
    @Qualifier("management")
    private UserDetailsService managementUserDetailsService;

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(managementUserDetailsService)
                .passwordEncoder(passwordEncoder);
    }

    @Bean
    @Qualifier("management")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .antMatcher("/manage/**")
            .authorizeRequests()
                .anyRequest()
                .hasRole("ADMIN")
                .and()
            .formLogin();
    }
}

You should create configuration that does a couple of things:

  1. Enable the security
  2. Enable security for the frontend
  3. Enable security for the backend

Basically those are 3 different parts of configuration which all require their respective @Configuration class.

Something like the following should work.

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig {

    @Configuration
    @Order(1)
    public static class FrontEndSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private PasswordEncoder passwordEncoder;

        @Autowired
        @Qualifier("frontend")
        private UserDetailsService frontendUserDetailsService;

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(frontendUserDetailsService)
                    .passwordEncoder(passwordEncoder);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/frontend/**")
                .authorizeRequests()
                    .anyRequest()
                    .hasRole("USER")
                    .and()
                .formLogin();
        }
    }

    @Configuration
    @Order(2)
    public static class BackendSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private PasswordEncoder passwordEncoder;

        @Autowired
        @Qualifier("management")
        private UserDetailsService managementUserDetailsService;

        @Override
        public void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                .userDetailsService(managementUserDetailsService)
                    .passwordEncoder(passwordEncoder);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/manage/**")
                .authorizeRequests()
                    .anyRequest()
                    .hasRole("ADMIN")
                    .and()
                .formLogin();
        }
    }
}

You probably need to tune the
