我有一个带有Spring Security的Spring Boot应用程序。 要配置新的端点/health ,以便可通过基本HTTP身份验证进行访问。 当前的HttpSecurity配置如下:
@Override protected void configure(HttpSecurity http) throws Exception { http.requestMatchers() .antMatchers(HttpMethod.OPTIONS, "/**") .and() .csrf() .disable() .authorizeRequests() .anyRequest() .permitAll() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS);}
如何为/health添加基本身份验证? 我想我需要这样的东西,但我不认为这是完全正确的,我真的不明白在哪里添加它:
.authorizeRequests() .antMatchers( // Health status "/health", "/health/" ) .hasRole(HEALTH_CHECK_ROLE) .and() .httpBasic() .realmName(REALM_NAME) .authenticationEntryPoint(getBasicAuthEntryPoint()) .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS)我发现这些资源很有帮助,但还不够:
http://www.baeldung.com/spring-security-basic-authentication http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/I have a Spring Boot application with Spring Security. A new endpoint /health is to be configured so it is accessible via basic HTTP authentication. The current HttpSecurity configuration is as follows:
@Override protected void configure(HttpSecurity http) throws Exception { http.requestMatchers() .antMatchers(HttpMethod.OPTIONS, "/**") .and() .csrf() .disable() .authorizeRequests() .anyRequest() .permitAll() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS);}
How do I add base auth for /health? I figure I need something like this, but I don't think this is completely correct, and I don't really understand where exactly to add it:
.authorizeRequests() .antMatchers( // Health status "/health", "/health/" ) .hasRole(HEALTH_CHECK_ROLE) .and() .httpBasic() .realmName(REALM_NAME) .authenticationEntryPoint(getBasicAuthEntryPoint()) .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS)I found these resources to be helpful, but not sufficient:
http://www.baeldung.com/spring-security-basic-authentication http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/最满意答案
解决方案是实现多种配置,如下所述: https : //docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity
The solution is to implement multiple configurations, as explained here: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity
更多推荐
发布评论