Spring boot - how to configure multiple login pages?

Problem description

With my team we have written a Spring application + SAPUI5 portal using Spring Boot. The web application is divided into three separate locations, for example:

webapp:
- app1
- app2
- app3

To get access to those applications we implemented a login page. Based on user role, we redirect users to the exact app.

My Spring application security looks like:

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/app1/**/*.*")
                .permitAll()
                .antMatchers("/register.html")
                .permitAll()
                //
                .antMatchers("/app2/*.*")
                .hasRole("USER")
                //
                //
                .antMatchers("/login*")
                .permitAll()
                .antMatchers("/soap/*")
                .permitAll()
                .antMatchers("/postLogin")
                .authenticated()
                //
                .antMatchers("/app3/*")
                //.permitAll()
                .hasRole("ADMIN")
                //
                .anyRequest()
                .authenticated()
                // log in
                .and()
                .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error=loginError")
                .defaultSuccessUrl("/postLogin")
                // logout
                .and().logout().logoutUrl("/**/logout")
                .logoutSuccessUrl("/login").deleteCookies("JSESSIONID").and()
                .csrf()
                .disable();
    }

And of course we have a class with redirections. Now we must provide a different login page for each app. I tried to configure Spring Security to accept multiple login forms on different pages, but it doesn't work. Is it possible? I read the documentation but it is inconclusive.

Recommended answer

You should be able to do this by configuring multiple HttpSecurity objects using different instances. It is similar to this question and the Spring Security documentation here. Basically you define multiple static classes in your configuration class that extend WebSecurityConfigurerAdapter. I am using this myself to configure different types of auth (form/basic) based on the URLs and did a quick test to confirm it. I believe something like this in your example (if I am reading your intent correctly):

@EnableWebSecurity
public class MultiHttpSecurityConfig {

    @Configuration
    @Order(1)
    public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .antMatchers("/app1/**/*.*")
                    .permitAll()
                    .antMatchers("/register.html")
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                    // log in
                    .and()
                    .formLogin()
                    .loginPage("/login")
                    .failureUrl("/login?error=loginError")
                    .defaultSuccessUrl("/postLogin")
                    // logout
                    .and().logout().logoutUrl("/**/logout")
                    .logoutSuccessUrl("/login").deleteCookies("JSESSIONID").and()
                    .csrf()
                    .disable();
        }
    }

    @Configuration
    public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .antMatchers("/app2/*.*")
                    .hasRole("USER")
                    // log in
                    .and()
                    .formLogin()
                    .loginPage("/login2")
                    .failureUrl("/login2?error=loginError")
                    .defaultSuccessUrl("/postLogin")
                    // logout
                    .and().logout().logoutUrl("/**/logout")
                    .logoutSuccessUrl("/login2").deleteCookies("JSESSIONID").and()
                    .csrf()
                    .disable();
        }
    }
}

Note that these are not really different application instances so you won't be redirected to a login if you authenticate as a certain user and then go to an area where you are not authorized.
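
An added example, not part of the original answer: each WebSecurityConfigurerAdapter becomes its own filter chain, and a request is handled by the first chain, in @Order, whose request matcher accepts it, while a chain with no matcher accepts every request. The sketch below therefore scopes the higher-priority chain to app2 and its own login URL and leaves the other chain as the fallback. The class names and the /logout2 URL are assumptions, the /app3 rule is carried over from the question, and CSRF protection is left at its default (enabled) rather than disabled as in the snippets above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class ScopedLoginConfig { // hypothetical class names throughout
    @Configuration
    @Order(1) // consulted first, but only for the URLs named in requestMatchers()
    public static class App2Chain extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                // This chain only sees app2 content, its login URL and its logout URL.
                .requestMatchers().antMatchers("/app2/**", "/login2", "/logout2").and()
                .authorizeRequests().anyRequest().hasRole("USER").and()
                .formLogin()
                    .loginPage("/login2") // GET shows the form, POST is processed here
                    .failureUrl("/login2?error=loginError")
                    .defaultSuccessUrl("/postLogin")
                    .permitAll() // opens the login page, processing URL and failure URL
                    .and()
                // CSRF stays enabled (assumption), so logout must be a POST with the token.
                .logout().logoutUrl("/logout2").logoutSuccessUrl("/login2")
                    .deleteCookies("JSESSIONID");
        }
    }

    @Configuration
    @Order(2) // no requestMatchers(): fallback for every URL the first chain did not claim
    public static class DefaultChain extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/app1/**", "/register.html").permitAll()
                    .antMatchers("/app3/**").hasRole("ADMIN")
                    .anyRequest().authenticated()
                    .and()
                .formLogin()
                    .loginPage("/login")
                    .failureUrl("/login?error=loginError")
                    .defaultSuccessUrl("/postLogin")
                    .permitAll()
                    .and()
                .logout().logoutSuccessUrl("/login").deleteCookies("JSESSIONID");
        }
    }
}
```

Both chains share one HTTP session, so a user who signs in through /login without the USER role gets a 403 on /app2/** rather than a redirect to /login2.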
