details在Java中_Spring安全性在Java配置中使用两个自定义UserDetailsServices
我試圖將XML中的實(shí)際安全配置傳遞給Java,但我不知道為什么在兩個(gè)過濾器中有兩個(gè)UserdetailsService,過濾器總是使用相同的UserdetailsService。
XML配置:
auto-config="false">
auto-config="false">
auto-config="false">
Java配置:
@EnableWebSecurity
public class SecurityConfig {
@Autowired
private CustomUserAppDetailsService customUserAppDetailsService;
@Autowired
private CustomRefreshTokenAppDetailsService customRefreshTokenAppDetailsService;
@Autowired
private CustomAccessTokenAppDetailsService customAccessTokenAppDetailsService;
@Bean
public TokenAuthenticationEntryPoint tokenAuthenticationEntryPoint(){
return new TokenAuthenticationEntryPoint();
}
@Configuration
@Order(1)
public class RefreshTokenSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
public AuthenticationManager refresTokenAuthenticationManager() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public RefreshTokenAuthenticationFilter refreshTokenAuthenticationFilter(){
return new RefreshTokenAuthenticationFilter();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider ();
authenticationProvider.setUserDetailsService(customRefreshTokenAppDetailsService);
http
.csrf().disable()
.antMatcher("/v1/Login/refresh/**")
.userDetailsService(customRefreshTokenAppDetailsService)
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(tokenAuthenticationEntryPoint())
.and()
.authorizeRequests()
.antMatchers("/v1/Login/refresh/**").access("hasRole('ROLE_USER')")
.and()
.requiresChannel()
.antMatchers("/v1/Login/refresh/**").requiresSecure()
.and()
.addFilterBefore(refreshTokenAuthenticationFilter(), BasicAuthenticationFilter.class);
}
}
@Configuration
@Order(2)
public class LoginSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider ();
authenticationProvider.setUserDetailsService(customUserAppDetailsService);
authenticationProvider.setPasswordEncoder(new Md5PasswordEncoder());
http
.csrf().disable()
.antMatcher("/v1/Login/**")
.authenticationProvider(authenticationProvider)
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests().antMatchers("/v1/Login/**").access("hasRole('ROLE_USER')")
.and()
.requiresChannel().antMatchers("/v1/Login/**").requiresSecure()
.and()
.httpBasic();
}
}
@Configuration
@Order(3)
public class UsuarioSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
public TokenAuthenticationFilter tokenAuthenticationEmpresaFilter() throws Exception {
TokenAuthenticationFilter tokenAuthenticationFilter = new TokenAuthenticationFilter();
tokenAuthenticationFilter.setAuthenticationManager(super.authenticationManager());
return tokenAuthenticationFilter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider ();
authenticationProvider.setUserDetailsService(customAccessTokenAppDetailsService);
http
.csrf().disable()
.antMatcher("/v1/UsuarioEmpresa/**")
.authenticationProvider(authenticationProvider)
.userDetailsService(customAccessTokenAppDetailsService)
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(tokenAuthenticationEntryPoint())
.and()
.authorizeRequests()
.antMatchers("/v1/UsuarioEmpresa/**").access("hasRole('ROLE_USER')")
.and()
.requiresChannel()
.antMatchers("/v1/UsuarioEmpresa/").requiresSecure()
.antMatchers("/v1/UsuarioEmpresa/**").requiresSecure()
.and()
.addFilterBefore(tokenAuthenticationEmpresaFilter(), BasicAuthenticationFilter.class);
}
}
}出于某種原因,http配置(順序1和3)均使用customRefreshTokenAppDetailsService。總是使用第一個(gè)http的UserDetailsService。
總結(jié)
以上是生活随笔為你收集整理的details在Java中_Spring安全性在Java配置中使用两个自定义UserDetailsServices的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: java调用easyxml接口_【技术教
- 下一篇: Java锁 优先级_详解Java的线程的