【Question title】: Spring Security custom filter overridden by basic HTTP security
【Posted】: 2017-01-17 07:31:32
【Question】:

Part of applicationcontext.xml:

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
        <security:filter-chain-map request-matcher="ant">
            <security:filter-chain pattern="/health"
                filters="none" />
            <security:filter-chain pattern="/swagger-ui.html"
                filters="none" />
            <security:filter-chain pattern="/images/**"
                filters="none" />
            <security:filter-chain pattern="/webjars/**"
                filters="none" />
            <security:filter-chain pattern="/v2/apidocs"
                filters="none" />               
            <security:filter-chain pattern="/*.ico"
                filters="none" />               
            <security:filter-chain pattern="/**"
                filters="customAuthorizationFilter" />
        </security:filter-chain-map>
</bean>

File: security-context.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <http>
        <intercept-url pattern="/swagger-ui.html" access="hasRole('ROLE_ADMIN')" />
        <http-basic/>
        <csrf disabled="true"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="abc" password="Basicauth" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

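There is a custom filter that secures the methods by validating the request and checking for errors. The security-context.xml file was then included to add resource-based security, with a username and password, for a specific endpoint (swagger-ui.html).

After this security change, the custom filter authentication does not work; it may be overridden by the new security implementation. How can this be resolved?

【Comments】:

    Tags: spring rest spring-security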


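    【Answer 1】:

    I haven't had enough time to test this before answering, but you can try registering your custom filter like this:

    <custom-filter ref="customAuthorizationFilter" before="BASIC_AUTH_FILTER"/>

    I think this has to do with the priority of the filters.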
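
One way to apply the suggestion above, as an added example that is not part of the original post or answer: the `<http>` namespace element builds its own filter chain, so the custom filter is registered inside it and the unsecured paths become `security="none"` entries. It assumes the hand-built `FilterChainProxy` bean from applicationcontext.xml is dropped in favour of this file, and that `customAuthorizationFilter` (a bean whose definition is not shown on the page) tolerates requests for `/swagger-ui.html`, which it did not see in the question's setup.

```xml
<!-- security-context.xml (added example; paths, user and bean name are taken from the question) -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.0.xsd">

    <!-- Namespace equivalent of filters="none": no security filters run for these paths.
         <http> elements are matched in declaration order, so these come first. -->
    <http pattern="/health" security="none"/>
    <http pattern="/images/**" security="none"/>
    <http pattern="/webjars/**" security="none"/>
    <http pattern="/v2/apidocs" security="none"/>
    <http pattern="/*.ico" security="none"/>

    <!-- Catch-all chain: every remaining request, including /swagger-ui.html -->
    <http>
        <!-- Custom filter runs ahead of BasicAuthenticationFilter in the same chain -->
        <custom-filter ref="customAuthorizationFilter" before="BASIC_AUTH_FILTER"/>

        <!-- Only the Swagger UI requires the HTTP Basic admin login -->
        <intercept-url pattern="/swagger-ui.html" access="hasRole('ROLE_ADMIN')"/>
        <http-basic/>
        <csrf disabled="true"/>
    </http>

    <!-- Same in-memory user as in the question -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="abc" password="Basicauth" authorities="ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>
```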

    【Comments】:
