那些遇到过的问题

小编use*_*594的帖子

对同一资源使用Oauth2或Http-Basic身份验证的Spring安全性

我正在尝试使用受Oauth2或Http-Basic身份验证保护的资源来实现API.

当我加载首先将http-basic身份验证应用于资源的WebSecurityConfigurerAdapter时,不接受Oauth2令牌身份验证.反之亦然.

示例配置: 这将http-basic身份验证应用于所有/ user/**资源

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private LoginApi loginApi;

    @Autowired
    public void setLoginApi(LoginApi loginApi) {
        this.loginApi = loginApi;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(new PortalUserAuthenticationProvider(loginApi));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/users/**").authenticated()
                .and()
            .httpBasic();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
Run Code Online (Sandbox Code Playgroud)

这将oauth令牌保护应用于/ user/**资源

@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws …
Run Code Online (Sandbox Code Playgroud)

java security spring-security spring-security-oauth2

use*_*594
lucky-day
29
推荐指数
3
解决办法
2万
查看次数

标签 统计

java ×1

security ×1

spring-security ×1

spring-security-oauth2 ×1