堆栈内存溢出
  简体   繁体   English

在我的情况下,如何在 springboot 的不同 url 中指定不同的身份验证?

[英]How to specific different authentications in different urls in springboot in my situation?

 原文  2022-06-11 07:25:44       java/ spring-boot/ ssl/ tomcat/ spring-security

问题描述

i have backend urls for some service to access, and frontend urls for website login to access, my situation is:我有一些服务访问的后端网址,以及网站登录访问的前端网址,我的情况是:

  1. /backend/**: HTTPS two-way authentication /backend/**: HTTPS 双向认证
  2. /frontend/**: HTTPS one-way authentication and token authentication /frontend/**: HTTPS 单向认证和token认证

I don't want to start two different springboot process.我不想启动两个不同的 springboot 进程。

I have found this answer but springboot not allow to disable client-auth for specific urls:我找到了这个答案,但 springboot 不允许禁用特定 url 的客户端身份验证:

Spring Boot: Disable Client Auth for specific URL Spring 引导:禁用特定 URL 的客户端身份验证

server:
  ssl:
    client-auth: need

and this answer maybe helpful, but i don't know how to mix two authentication method in my situation.这个答案可能有帮助,但我不知道如何在我的情况下混合使用两种身份验证方法。

How set up Spring Boot to run HTTPS / HTTP ports 如何设置Spring开机运行HTTPS / HTTP端口

please help.请帮忙。

1 个解决方案

解决方案1
 0  2022-06-13 09:24:21

For Spring-Boot 2.7.0 this should be as simple as defining 2 instances of SecurityFilterChain, idealy you'd want one of them to be the default (remove the http.mvcMatcher line) and give the other @Order(1).对于 Spring-Boot 2.7.0,这应该像定义 SecurityFilterChain 的 2 个实例一样简单,理想情况下您希望其中一个成为默认值(删除 http.mvcMatcher 行)并提供另一个 @Order(1)。 Incase of older implementations i'm not 100% sure, for further research you probably find better results looking for a way to support 2 login method depending on endpoint than looking into how to disable certain elements.如果是较旧的实现,我不是 100% 确定,为了进一步研究,您可能会找到更好的结果,寻找一种方法来支持取决于端点的 2 登录方法,而不是研究如何禁用某些元素。

@Configuration
public class WebSecurityConfig
{
    @Bean
    public SecurityFilterChain frontendFilterChain(HttpSecurity http) throws Exception
    {
        //@formatter:on
        http
            .mvcMatcher("/frontend/**")
            .authorizeRequests(auth -> auth.anyRequest().permitAll());
        //Extend with needed authentication
        //@formatter:off

        return http.build();
    }

    @Bean
    @Order(1)
    public SecurityFilterChain backendFilterChain(HttpSecurity http) throws Exception
    {
        //@formatter:on
        http
            .mvcMatcher("/backend/**")
            .authorizeRequests(auth -> auth.anyRequest().permitAll());
        //Extend with needed authentication
        //@formatter:off

        return http.build();
    }
}
    ```

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java不同情况划分 - Java different situation division 如何在不同情况下使用不同的子类? - How can I use different subclass in different situation? springboot如何动态切换不同的数据源 - springboot how to dynamically switch different datasource 如何在springboot中配置两个不同的电子邮件? - how to configure two different emails in springboot? springboot如何在一个项目中映射不同数据库的不同查询? - How to map different queries for different database in one project in springboot? 如何在 Selenium 中打开不同的 URL(使用不同的用户名和密码) - How to open Different URLs(with different usernames and passwords) in Selenium 不同url的不同认证方式 - Different authentication method for different urls Spring控制器方法使用不同的参数共享我的多个@RequestMapping url - Spring controller method shared my multiple @RequestMapping urls with different parameters 不同URL的Netty处理程序 - Netty handlers for different URLs 如何使用springboot和logback按严重性将日志记录分为不同的文件 - How to separate logging by severity to different files using springboot and logback
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM