How to use multiple login pages one for admin and the other one for user
I want two different login pages. One for admins and the other one for users.

Using the code below, only the class with `@Order(1)` works. When I remove the `@Order` annotation from the static classes, only the last one works. I used them in two different ConfigSecurity files, and it didn't work.

I'm expecting both of them to work. Yet only one is working.
```java
package com.example.FlightAgency.security;

import com.example.FlightAgency.service.UserService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Configuration
    @Order(1)
    public static class App1ConfigurationAdapter {

        @Bean
        public UserDetailsService userDetailsService() {
            return new UserService();
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return NoOpPasswordEncoder.getInstance();
        }

        @Bean
        public SecurityFilterChain filterChainApp1(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                .requestMatchers("/user/**").hasAuthority("USER")
                .and()
                .formLogin()
                .loginPage("/user/login")
                .usernameParameter("email")
                .loginProcessingUrl("/user/login")
                .defaultSuccessUrl("/user/")
                .permitAll()
                .and()
                .logout()
                .logoutUrl("/user/logout")
                .logoutSuccessUrl("/user/login")
                .deleteCookies("JSESSIONID")
                .and()
                .exceptionHandling()
                .accessDeniedPage("/403")
                .and()
                .csrf().disable();
            return http.build();
        }
    }

    @Configuration
    @Order(2)
    public static class App2ConfigurationAdapter {

        @Bean
        public SecurityFilterChain filterChainApp2(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                .requestMatchers("/admin/**").hasAuthority("ADMIN")
                .and()
                .formLogin()
                .loginPage("/admin/login")
                .usernameParameter("email")
                .loginProcessingUrl("/admin/login")
                .defaultSuccessUrl("/admin/")
                .permitAll()
                .and()
                .logout()
                .logoutUrl("/admin/logout")
                .logoutSuccessUrl("/admin/login")
                .deleteCookies("JSESSIONID")
                .and()
                .exceptionHandling()
                .accessDeniedPage("/403")
                .and()
                .csrf().disable();
            return http.build();
        }
    }
}
```
Both security filter chains are not restricted (default is `/**`). You have to restrict the first one with `securityMatcher`, see Spring Security Reference:
Multiple HttpSecurity Instances

We can configure multiple `HttpSecurity` instances just as we can have multiple `<http>` blocks in XML. The key is to register multiple `SecurityFilterChain` `@Bean`s. The following example has a different configuration for URLs that start with `/api/`.

```java
@Configuration
@EnableWebSecurity
public class MultiHttpSecurityConfig {
    @Bean
    public UserDetailsService userDetailsService() throws Exception {
        // ensure the passwords are encoded properly
        UserBuilder users = User.withDefaultPasswordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(users.username("user").password("password").roles("USER").build());
        manager.createUser(users.username("admin").password("password").roles("USER","ADMIN").build());
        return manager;
    }

    @Bean
    @Order(1)
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/api/**")
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().hasRole("ADMIN")
            )
            .httpBasic(withDefaults());
        return http.build();
    }

    @Bean
    public SecurityFilterChain formLoginFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().authenticated()
            )
            .formLogin(withDefaults());
        return http.build();
    }
}
```
- Configure Authentication as usual.
- Create an instance of `SecurityFilterChain` that contains `@Order` to specify which `SecurityFilterChain` should be considered first.
- The `http.securityMatcher` states that this `HttpSecurity` is applicable only to URLs that start with `/api/`.
- Create another instance of `SecurityFilterChain`. If the URL does not start with `/api/`, this configuration is used. This configuration is considered after `apiFilterChain`, since it has an `@Order` value after `1` (no `@Order` defaults to last).
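
Applied to the question's two login pages, the restriction described in the answer could look like the sketch below. This is an added example, not code from the question, the answer or the Spring reference; the class name `TwoLoginSecurityConfig` and the `loginChain` helper are hypothetical, and the `UserDetailsService` and `PasswordEncoder` beans are assumed to be defined elsewhere. Unlike the question's code, it leaves CSRF protection at its default.

```java
package com.example.FlightAgency.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example. UserDetailsService and PasswordEncoder beans are assumed to exist elsewhere.
@Configuration
@EnableWebSecurity
public class TwoLoginSecurityConfig {

    @Bean
    @Order(1)
    public SecurityFilterChain userChain(HttpSecurity http) throws Exception {
        return loginChain(http, "/user", "USER");
    }

    @Bean
    @Order(2)
    public SecurityFilterChain adminChain(HttpSecurity http) throws Exception {
        return loginChain(http, "/admin", "ADMIN");
    }

    // Hypothetical helper: builds one form-login chain scoped to a URL prefix.
    private static SecurityFilterChain loginChain(HttpSecurity http, String prefix, String authority)
            throws Exception {
        http
            // Without a securityMatcher the chain matches /** and shadows every later chain.
            .securityMatcher(prefix + "/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().hasAuthority(authority))
            .formLogin(form -> form
                .loginPage(prefix + "/login")
                .usernameParameter("email")
                .loginProcessingUrl(prefix + "/login")
                .defaultSuccessUrl(prefix + "/")
                .permitAll())
            .logout(logout -> logout
                .logoutUrl(prefix + "/logout")
                .logoutSuccessUrl(prefix + "/login")
                .deleteCookies("JSESSIONID"))
            .exceptionHandling(ex -> ex.accessDeniedPage("/403"));
        // CSRF stays enabled (the default), so login and logout forms must send the token.
        return http.build();
    }
}
```

Requests outside `/user/**` and `/admin/**` match neither chain and are served without any Spring Security filters; add a lower-precedence catch-all `SecurityFilterChain` if the rest of the application should be covered as well.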