
Different authentication method for different urls

I'm using spring-security (3.0.5.RELEASE) in my application. This application hosts an API and some restricted access for users. I would like to use spring-security to authenticate on both sides of the application.

  • API is on mydomain/api/*
  • User restricted access is on mydomain/restricted/*

API authentication must be done by a sort of api_key.

User access authentication is done by a login form.

The first question is: is it possible?
If yes, how could I do it? I've read a lot of things on the Internet, but I can't figure out how to do it (except by upgrading to Spring 3.1 ...)

Any help is welcome ...

Regards

Upgrading to Spring Security 3.1 is really the best way to do this cleanly. If you can't do that you can still achieve the desired result but it's not going to be as pretty. If your resources are cleanly separated in the URL space (as they appear to be) you can add a second Spring Security filter covering only the /api resources and make sure it applies before the default one. To separate the configuration in Spring Security 3.0 you need a separate application context for your second filter, and configure the filter to find it in a well-known place - e.g. a DispatcherServlet creates a context and stores it in the servlet context in an attribute related to its name ("api" in the example below):

<filter>
    <filter-name>apiSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <init-param>
        <param-name>contextAttribute</param-name>
        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.api</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>apiSecurityFilterChain</filter-name>
    <url-pattern>/api/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>api</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>

The dispatcher servlet in this example has an application context at /WEB-INF/api-servlet.xml which contains a Spring Security filter chain with id="apiSecurityFilter".
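One way the second application context could look for Spring Security 3.0, as an added example that is not part of the original answer. The header name `X-API-Key`, the role `ROLE_API`, the placeholder key and all bean ids except the chain's are assumptions; the chain bean is named `apiSecurityFilterChain` because `DelegatingFilterProxy` looks up its target bean by `<filter-name>` when no `targetBeanName` is set.

```xml
<!-- Added example of /WEB-INF/api-servlet.xml; header name, key, role and bean ids are assumptions -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
  <bean id="apiSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
      <sec:filter-chain pattern="/**" filters="ctxFilter,apiKeyFilter,etFilter,fsi"/> <!-- web.xml limits this to /api/* -->
    </sec:filter-chain-map>
  </bean>
  <bean id="ctxFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
  <bean id="apiKeyFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
    <property name="principalRequestHeader" value="X-API-Key"/>
    <property name="exceptionIfHeaderMissing" value="false"/> <!-- no key: continue, rejected by fsi -->
    <property name="authenticationManager" ref="apiAuthManager"/>
  </bean>
  <bean id="etFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint"> <!-- 403 instead of a redirect to the login form -->
      <bean class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
    </property>
  </bean>
  <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="apiAuthManager"/>
    <property name="accessDecisionManager">
      <bean class="org.springframework.security.access.vote.AffirmativeBased">
        <property name="decisionVoters"><list><bean class="org.springframework.security.access.vote.RoleVoter"/></list></property>
      </bean>
    </property>
    <property name="securityMetadataSource">
      <sec:filter-security-metadata-source>
        <sec:intercept-url pattern="/**" access="ROLE_API"/>
      </sec:filter-security-metadata-source>
    </property>
  </bean>
  <sec:authentication-manager alias="apiAuthManager">
    <sec:authentication-provider ref="preAuthProvider"/>
  </sec:authentication-manager>
  <bean id="preAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService">
      <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <property name="userDetailsService" ref="apiKeys"/>
      </bean>
    </property>
  </bean>
  <sec:user-service id="apiKeys"> <!-- placeholder key store: the key is looked up as a user name -->
    <sec:user name="EXAMPLE-KEY-PLACEHOLDER" password="unused" authorities="ROLE_API"/>
  </sec:user-service>
</beans>
```

The default `SecurityContextPersistenceFilter` stores the authenticated context in the HTTP session. Set `allowSessionCreation` to `false` on its `HttpSessionSecurityContextRepository` if API calls should not create sessions.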
