【Question title】: Spring Security configuration supporting multiple subsites based on Hippo CMS
【Posted】: 2013-11-01 23:18:16
【Question description】:

I am trying to use Spring Security through the Hippo CMS plugin. I have created subsites in hippo 3, each with its own login. How should I configure spring-security-context.xml to support multiple subsites? All subsites will use the same authentication provider. So far I have configured one of the subsites.

<beans:beans xmlns="http://www.springframework.org/schema/security"
                     xmlns:beans="http://www.springframework.org/schema/beans"
                     xmlns:lang="http://www.springframework.org/schema/lang"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xmlns:util="http://www.springframework.org/schema/util"
                     xmlns:aop="http://www.springframework.org/schema/aop"
                     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                       http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.1.xsd
                       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
                       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
                       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- HTTP Security Configuration -->

<http auto-config="true">
    <intercept-url pattern="/css/**" />
    <intercept-url pattern="/images/**" />
    <intercept-url pattern="/binaries/**" />
    <intercept-url pattern="/vop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
    <form-login login-page="/vop"
                            default-target-url="/vop/vop-mysurvey-page"
                            always-use-default-target="true" />
    <logout logout-url="/logout.jsp" logout-success-url="/vop"/>
</http>
<!--
    Authentication Manager configuration with Hippo Repository based Authentication Provider configuration ('hippoAuthenticationProvider').
    However, you can use any other authentication provider(s) if you don't need to authenticate users against Hippo Repository.
-->
<authentication-manager>
    <authentication-provider ref="hippoAuthenticationProvider"/>
</authentication-manager>

<!--
    Hippo Repository based Authentication Provider. This Authentication Provider provides authentication against the Hippo Repository Security Store.
    If you don't need to authenticate users against Hippo Repository, you don't have to include the following bean.
-->
<beans:bean id="hippoAuthenticationProvider"
                        class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider">
</beans:bean>

</beans:beans>

For example, I would also like to have:

<http auto-config="true">
    <intercept-url pattern="/css/**" />
    <intercept-url pattern="/images/**" />
    <intercept-url pattern="/binaries/**" />
    <intercept-url pattern="/erop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
    <form-login login-page="/erop"
                            default-target-url="/erop/mypage"
                            always-use-default-target="true" />
    <logout logout-url="/logout.jsp" logout-success-url="/erop"/>
</http>

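Any ideas?

【Question discussion】:

    Tags: java spring configuration spring-security hippocms


    【Solution 1】:

    As far as I know, the Spring Security framework is based on servlet filters, and its configuration appears to be tied to the web application context. Therefore, I don't think you can currently host multiple Spring Security contexts in a single web application context.

    【Discussion】:

      【Solution 2】:

      Spring Security supports securing multiple subsites. The configuration depends on your subsites, on whether or not they use separate hostnames.

      When your subsites run under the same hostname, you can configure it like this: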

      <http pattern="/vop/**" ... >
        ...
      </http>
      
      <http pattern="/erop/**" ... >
        ...
      </http>
      

      However, if your subsites run on different hostnames, the URL patterns may overlap. In that case you need to filter by hostname, for example:

      <!-- beans: prefix, because the default namespace of the file in the question is the security schema -->
      <beans:bean id="vopMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
        <beans:constructor-arg value="hasHeader('host','vop.com')"/>
      </beans:bean>
      
      <beans:bean id="eropMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
        <beans:constructor-arg value="hasHeader('host','erop.com')"/>
      </beans:bean>
      
      <http request-matcher-ref="vopMatcher" ... >
        ...
      </http>
      
      <http request-matcher-ref="eropMatcher" ... >
        ...
      </http>
      

      【Discussion】:
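
Added example, not part of either answer and not the Hippo plugin's own configuration: a complete spring-security-context.xml for the same-hostname case from Solution 2, with both subsites sharing hippoAuthenticationProvider. The login-processing-url and logout-url values are assumed paths, chosen so that they fall inside each chain's pattern; the login forms and logout links of each subsite must point at them.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- Requests that match no <http> pattern below (/css, /images, /binaries)
       pass through without any Spring Security filters. -->

  <!-- Chain 1: handles only requests under /vop. Every URL this chain has to
       process itself (login POST, logout) must match the chain's own pattern,
       so the default /j_spring_security_check and the question's /logout.jsp
       would never reach it. -->
  <http pattern="/vop/**" auto-config="true">
    <!-- access rule copied unchanged from the question -->
    <intercept-url pattern="/vop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody"/>
    <!-- login-processing-url and logout-url are assumed paths -->
    <form-login login-page="/vop"
                login-processing-url="/vop/j_spring_security_check"
                default-target-url="/vop/vop-mysurvey-page"
                always-use-default-target="true"/>
    <logout logout-url="/vop/logout" logout-success-url="/vop"/>
  </http>

  <!-- Chain 2: same structure for the second subsite. -->
  <http pattern="/erop/**" auto-config="true">
    <intercept-url pattern="/erop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody"/>
    <form-login login-page="/erop"
                login-processing-url="/erop/j_spring_security_check"
                default-target-url="/erop/mypage"
                always-use-default-target="true"/>
    <logout logout-url="/erop/logout" logout-success-url="/erop"/>
  </http>

  <!-- A single authentication manager; both chains use it by default. -->
  <authentication-manager>
    <authentication-provider ref="hippoAuthenticationProvider"/>
  </authentication-manager>

  <beans:bean id="hippoAuthenticationProvider"
              class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider"/>

</beans:beans>
```

Both chains keep the authentication in the same HTTP session, so a user who logs in on one subsite is also authenticated on the other.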
