关于spring-oauth2的笔记


一直很困惑这种 spring security 的链式 httpSecurity 怎么配置，以下是笔记

来自 stackoverflow

// Fragment: the enclosing configure(HttpSecurity) method is not shown here.
// Builds one security chain for a form-login application.
http
// CSRF protection is switched off for every request handled by this chain;
// for browser clients with a session cookie that means state-changing POSTs
// can be forged cross-site — keep this only if the chain serves non-browser
// clients (verify against the deployment).
.csrf().disable()
.authorizeRequests()
// "/shutdown" is reachable without any authentication; if this is the
// Actuator shutdown endpoint, anyone who can reach the port can stop the app.
.antMatchers("/shutdown").permitAll()
// Every other URL requires an authenticated user.
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/authentication.html")
.loginProcessingUrl("/login")
// Failed logins are sent back to the same page as the login form.
.failureUrl("/authentication.html")
// presumably opens the login-related URLs above to unauthenticated users,
// otherwise the anyRequest() rule would block the login page itself.
.permitAll();

自定义一个RequestMatcher

/**
 * Registers a security chain that only applies to requests carrying OAuth2
 * credentials (as decided by {@link OAuth2RequestedMatcher}); inside that
 * chain {@code /api/**} is open and every other URL must be authenticated.
 *
 * @param http builder for this chain
 * @throws Exception propagated from the Spring Security builder
 */
@Override
public void configure(HttpSecurity http) throws Exception
{
    // @formatter:off
    http
        .requestMatcher(new OAuth2RequestedMatcher())
        .authorizeRequests()
            // NOTE(review): permitAll() means a request that merely carries a
            // Bearer header or access_token parameter reaches /api/** without
            // this chain checking it — confirm a resource-server filter
            // validates the token elsewhere.
            .antMatchers("/api/**").permitAll()
            .anyRequest().authenticated();
    // @formatter:on
}


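/**
 * Decides whether a request should be routed into the OAuth2 security chain:
 * it matches when the request carries bearer-token credentials, either an
 * {@code Authorization} header using the Bearer scheme or an
 * {@code access_token} request parameter. Only the presence of credentials is
 * checked here; the token itself is not validated by this class.
 */
private static class OAuth2RequestedMatcher implements RequestMatcher
{
    private static final String BEARER_SCHEME = "Bearer";

    /**
     * @param request the incoming request; must not be {@code null}
     * @return {@code true} if the request presents a Bearer {@code Authorization}
     *         header or an {@code access_token} parameter, {@code false} otherwise
     */
    @Override
    public boolean matches(HttpServletRequest request)
    {
        String auth = request.getHeader("Authorization");
        // HTTP authentication scheme names are case-insensitive (RFC 7235), so a
        // client sending "bearer ..." must still be routed into this chain rather
        // than falling through to another one; a plain startsWith("Bearer") missed
        // that case. Values starting with "Bearer" in any case are still matched.
        boolean haveOauth2Token = auth != null
            && auth.regionMatches(true, 0, BEARER_SCHEME, 0, BEARER_SCHEME.length());
        // Token passed as a query or form parameter (RFC 6750 section 2.2 / 2.3).
        boolean haveAccessToken = request.getParameter("access_token") != null;
        return haveOauth2Token || haveAccessToken;
    }
}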

来自:http://www.cnblogs.com/davidwang456/p/4549344.html

匿名用户控制:

/**
 * Sample configuration showing how to customise the anonymous
 * authentication: anonymous users receive the authority {@code ROLE_ANON},
 * while {@code /} requires {@code ROLE_USER} obtained through form login.
 * A single in-memory user is registered for the sample.
 */
@Configuration
@EnableWebSecurity
public class AnononymousSecurityConfig extends WebSecurityConfigurerAdapter
{

    /**
     * Builds the HTTP security chain.
     *
     * @param http builder for the chain
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
        .authorizeRequests()
        // Only "/" is protected here; there is no anyRequest() rule, so other
        // paths have no access rule in this chain — presumably they are reachable
        // without login. Verify this is intended before reusing the sample.
        .antMatchers("/").hasRole("USER")
        .and()
        .formLogin()
        .and()
        // sample anonymous customization
        // Anonymous (not logged in) requests carry ROLE_ANON instead of the default.
        .anonymous()
        .authorities("ROLE_ANON");
    }

    /**
     * Registers the users known to this sample.
     *
     * @param auth builder for the authentication manager
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth)
    throws Exception
    {
        // In-memory user with a credential hard-coded in source: sample only, do
        // not carry this into a deployment.
        auth
        .inMemoryAuthentication()
        .withUser("user")
        .password("password")
        .roles("USER");
    }
}




/**
 * Sample with several {@link WebSecurityConfigurerAdapter}s, one per URL
 * prefix, all authenticating against an LDAP directory. The {@code @Order}
 * values decide which adapter is tried first; presumably the first whose
 * {@code antMatcher} matches handles the request.
 */
@Configuration
@EnableWebSecurity
public class MultiHttpSecurityConfig
{

    /**
     * Wires an LDAP bind-authentication provider into the shared
     * authentication manager.
     *
     * @param auth builder for the authentication manager
     * @throws Exception propagated from the context source / Spring builder
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
    {
        // Plain ldap:// URL — without StartTLS configured elsewhere the bind
        // credentials below cross the network in cleartext.
        DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(
            "ldap://127.0.0.1:389/dc=mycompany,dc=com");
        // Manager account and its password are hard-coded in source; sample only —
        // externalise them and use a least-privilege bind account in a deployment.
        contextSource.setUserDn("cn=admin,dc=mycompany,dc=com");
        contextSource.setPassword("admin");
        contextSource.afterPropertiesSet();

        // Users are authenticated by binding as uid=<login>,ou=people.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });

        // Roles come from the "cn" of groups under ou=groups whose uniqueMember
        // contains the user's DN.
        DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(
            contextSource, "ou=groups");
        populator.setGroupRoleAttribute("cn");
        populator.setGroupSearchFilter("uniqueMember={0}");

        AuthenticationProvider authProvider = new LdapAuthenticationProvider(
            authenticator, populator);
        auth.authenticationProvider(authProvider);
    }

    /**
     * First chain: {@code /index.jsp} is served to anonymous users.
     */
    @Configuration
    @Order(1)
    public static class IndexSecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        public void configure(HttpSecurity http) throws Exception
        {
            http.antMatcher("/index.jsp").anonymous();
        }
    }

    /**
     * Second chain: everything under {@code /html/} with form login, logout
     * and a custom access-denied page.
     */
    @Configuration
    @Order(2)
    public static class HtmlSecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        public void configure(HttpSecurity http) throws Exception
        {
            http.antMatcher("/html/**")
            .authorizeRequests()
            .antMatchers("/html/submit.jsp").hasRole("BLACK")
            // NOTE(review): this rule is contradicted by configure(WebSecurity)
            // below, which removes /html/forbidden.html from the filter chain
            // entirely, so the authenticated() requirement never runs for it.
            .antMatchers("/html/forbidden.html").authenticated()
            .and().formLogin()
            .loginPage("/html/login.jsp")
            .loginProcessingUrl("/html/login")
            .defaultSuccessUrl("/index.jsp")
            .permitAll()
            .and().logout().logoutUrl("/html/logout")
            .and().exceptionHandling().accessDeniedPage("/html/403.jsp");
        }

        /**
         * Excludes {@code /html/forbidden.html} from security filtering
         * altogether; ignored resources get no authentication, authorization
         * or other protection from the chain.
         */
        @Override
        public void configure(WebSecurity web)
        {
            web.ignoring().antMatchers("/html/forbidden.html");
        }
    }

    /**
     * Third chain: {@code /ajax/**} requires {@code ROLE_RED} and uses HTTP
     * Basic authentication instead of a login form.
     */
    @Configuration
    @Order(3)
    public static class AjaxSecurityConfig extends WebSecurityConfigurerAdapter
    {
        @Override
        public void configure(HttpSecurity http) throws Exception
        {
            http
            .antMatcher("/ajax/**")
            .authorizeRequests().anyRequest().hasRole("RED")
            .and()
            // Basic auth sends the LDAP credentials on every request; only
            // acceptable over TLS.
            .httpBasic();
        }
    }
}

http://www.tuicool.com/articles/uqAR3m6