Basic Auth + oAuth Implementation in Spring Boot


Problem description

I am trying to implement Basic Auth + OAuth2 in Spring Boot, meaning some URLs should work the traditional way after logging in to the system, and some should work on OAuth2.

Like, I want to allow access to SuperAdmin for the admin panel, with URLs starting from

/superAdmin/****

I just want to access all of these URLs after a general login into the system.

And the REST services should work on OAuth2, with URLs starting from

/api/vi/****

These URLs are used to give access to the applicants.

Separately both are working fine, but together both are not working.

Here is my configuration.

import in.kpis.tracking.configuration.CustomAuthenticationSuccessHandler;
import in.kpis.tracking.service.AdminUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
public class OAuth2ServerConfiguration {

    protected static final String RESOURCE_ID = "restservice";

    @Configuration
    @EnableResourceServer
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Override
        public void configure(ResourceServerSecurityConfigurer resources) {
            // @formatter:off
            resources.resourceId(RESOURCE_ID);
            // @formatter:on
        }

        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .antMatchers("/api/v1/*").hasRole("ADMIN")
                    .antMatchers("/greeting").authenticated();
        }
    }


    @Configuration
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Autowired
        private AdminUserService adminUserService;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(adminUserService);
        }

        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }

    }

    @Configuration
    @Order(1)
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {

            String[] permitAll = new String[]{"/error"};
            String[] permitToSuperAdmin = new String[]{
                    "/superAdmin/*",
            };

            http.authorizeRequests()
                    .antMatchers(permitToSuperAdmin).access("hasRole('SUPER_ADMIN')")
                    .antMatchers("/login").permitAll()
                    .and().formLogin().loginPage("/userLogin.html")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginProcessingUrl("/login")
                    .successHandler(new CustomAuthenticationSuccessHandler())
                    .and()
                    .logout().logoutSuccessUrl("/userLogin.html?logout")
                    .deleteCookies("JSESSIONID")
                    .invalidateHttpSession(true);
            http.csrf().disable();
        }
    }
}

Recommended answer

Great question. In order to use oAuth with Spring Security, I think there is no way to use this. You need to create two different projects: one for general sec. and one for oAuth.
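
An added example, not code from the question or the answer: with the legacy spring-security-oauth2 API the question uses, each filter chain can be restricted to its own URL space via requestMatchers(), since the posted @Order(1) form-login chain has no matcher and therefore claims every request before the resource server chain is consulted. Class names here are hypothetical, and the authentication setup (userDetailsService, AuthenticationManager bean) is assumed to stay as posted.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
public class ScopedSecurityConfiguration { // hypothetical class name

    // Bearer-token chain: only requests under /api/v1/ are handled here.
    // "/**" also covers nested paths; "/api/v1/*" matches one segment only.
    @Configuration
    @EnableResourceServer
    protected static class ApiResourceServer extends ResourceServerConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            http
                    .requestMatchers().antMatchers("/api/v1/**")
                    .and()
                    .authorizeRequests()
                    .anyRequest().hasRole("ADMIN");
        }
    }

    // Session chain: limited to the admin panel plus the login/logout endpoints,
    // so it no longer swallows requests meant for the API chain.
    @Configuration
    @Order(1)
    protected static class AdminFormLogin extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .requestMatchers()
                    .antMatchers("/superAdmin/**", "/login", "/logout", "/userLogin.html")
                    .and()
                    .authorizeRequests()
                    .antMatchers("/login", "/userLogin.html").permitAll()
                    .anyRequest().hasRole("SUPER_ADMIN")
                    .and()
                    .formLogin().loginPage("/userLogin.html").loginProcessingUrl("/login")
                    .and()
                    .logout().logoutSuccessUrl("/userLogin.html?logout")
                    .deleteCookies("JSESSIONID").invalidateHttpSession(true);
            // CSRF protection is left enabled: this chain authenticates by session cookie,
            // so the login form must submit the CSRF token and logout must be a POST.
        }
    }
}
```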
