How to use multiple login pages one for admin and the other one for user

I want two different login pages. One for admins and the other one for users.

Using the code below, only the class with @Order(1) works. When I remove the @Order annotation from the static classes, only the last one works. I used them in two different ConfigSecurity files, and it didn't work.

I'm expecting both of them to work. Yet only one is working.

package com.example.FlightAgency.security;
import com.example.FlightAgency.service.UserService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @Order(1)
    public static class App1ConfigurationAdapter {
        @Bean
        public UserDetailsService userDetailsService() {
            return new UserService();
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return NoOpPasswordEncoder.getInstance();
        }

        @Bean
        public SecurityFilterChain filterChainApp1(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .requestMatchers("/user/**").hasAuthority("USER")
                    .and()
                .formLogin()
                    .loginPage("/user/login")
                    .usernameParameter("email")
                    .loginProcessingUrl("/user/login")
                    .defaultSuccessUrl("/user/")
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/user/logout")
                    .logoutSuccessUrl("/user/login")
                    .deleteCookies("JSESSIONID")
                    .and()
                .exceptionHandling()
                    .accessDeniedPage("/403")
                    .and()
                .csrf().disable();
            return http.build();
        }
    }

    @Configuration
    @Order(2)
    public static class App2ConfigurationAdapter {

        @Bean
        public SecurityFilterChain filterChainApp2(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .requestMatchers("/admin/**").hasAuthority("ADMIN")
                    .and()
                .formLogin()
                    .loginPage("/admin/login")
                    .usernameParameter("email")
                    .loginProcessingUrl("/admin/login")
                    .defaultSuccessUrl("/admin/")
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/admin/logout")
                    .logoutSuccessUrl("/admin/login")
                    .deleteCookies("JSESSIONID")
                    .and()
                .exceptionHandling()
                    .accessDeniedPage("/403")
                    .and()
                .csrf().disable();
            return http.build();
        }
    }
}

Both security filter chains are not restricted (default is /**). You have to restrict the first one with securityMatcher, see Spring Security Reference:

Multiple HttpSecurity Instances

We can configure multiple HttpSecurity instances just as we can have multiple <http> blocks in XML. The key is to register multiple SecurityFilterChain @Beans. The following example has a different configuration for URLs that start with /api/.

@Configuration
@EnableWebSecurity
public class MultiHttpSecurityConfig {
    @Bean
    public UserDetailsService userDetailsService() throws Exception {
        // ensure the passwords are encoded properly
        UserBuilder users = User.withDefaultPasswordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(users.username("user").password("password").roles("USER").build());
        manager.createUser(users.username("admin").password("password").roles("USER","ADMIN").build());
        return manager;
    }

    @Bean
    @Order(1)
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/api/**")
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().hasRole("ADMIN")
            )
            .httpBasic(withDefaults());
        return http.build();
    }

    @Bean
    public SecurityFilterChain formLoginFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .formLogin(withDefaults());
        return http.build();
    }
}

  1. Configure Authentication as usual.
  2. Create an instance of SecurityFilterChain that contains @Order to specify which SecurityFilterChain should be considered first.
  3. The http.securityMatcher states that this HttpSecurity is applicable only to URLs that start with /api/.
  4. Create another instance of SecurityFilterChain. If the URL does not start with /api/, this configuration is used. This configuration is considered after apiFilterChain, since it has an @Order value after 1 (no @Order defaults to last).
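
Applied to the configuration in the question, the fix gives each chain its own securityMatcher so that /user/** and /admin/** are each handled by the chain that owns their login page. This is an added example, not code from the question, the answer or the Spring reference: the class name TwoLoginPagesConfig is hypothetical, a UserDetailsService bean (such as the question's UserService) is assumed to be registered elsewhere, and it goes beyond the answer by restricting both chains, leaving CSRF protection enabled and using BCryptPasswordEncoder.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class TwoLoginPagesConfig { // hypothetical class name

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(); // assumption: stored passwords are BCrypt hashes
    }

    @Bean
    @Order(1)
    public SecurityFilterChain userChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/user/**") // this chain only handles /user/** requests
            .authorizeHttpRequests(a -> a.anyRequest().hasAuthority("USER"))
            .formLogin(f -> f.loginPage("/user/login").usernameParameter("email")
                .loginProcessingUrl("/user/login").defaultSuccessUrl("/user/").permitAll())
            .logout(l -> l.logoutUrl("/user/logout").logoutSuccessUrl("/user/login")
                .deleteCookies("JSESSIONID"))
            .exceptionHandling(e -> e.accessDeniedPage("/403"));
        return http.build(); // CSRF protection is left at its default (enabled)
    }

    @Bean
    @Order(2)
    public SecurityFilterChain adminChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/admin/**") // this chain only handles /admin/** requests
            .authorizeHttpRequests(a -> a.anyRequest().hasAuthority("ADMIN"))
            .formLogin(f -> f.loginPage("/admin/login").usernameParameter("email")
                .loginProcessingUrl("/admin/login").defaultSuccessUrl("/admin/").permitAll())
            .logout(l -> l.logoutUrl("/admin/logout").logoutSuccessUrl("/admin/login")
                .deleteCookies("JSESSIONID"))
            .exceptionHandling(e -> e.accessDeniedPage("/403"));
        return http.build();
    }
}
```

Requests outside /user/** and /admin/** (including /403) match neither chain here, so a further chain without a securityMatcher is needed if other paths must be protected. With CSRF enabled, the login forms have to submit the CSRF token and logout has to be a POST.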
