如何使用spring security为特定端点添加HTTP基本身份验证？(How do I add HTTP basic auth for a specific endpoint with spri

如何使用spring security为特定端点添加HTTP基本身份验证？(How do I add HTTP basic auth for a specific endpoint with spring security?)

我有一个带有Spring Security的Spring Boot应用程序。要配置新的端点/health ，以便可通过基本HTTP身份验证进行访问。当前的HttpSecurity配置如下：

@Override protected void configure(HttpSecurity http) throws Exception { http.requestMatchers() .antMatchers(HttpMethod.OPTIONS, "/**") .and() .csrf() .disable() .authorizeRequests() .anyRequest() .permitAll() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}

如何为/health添加基本身份验证？我想我需要这样的东西，但我不认为这是完全正确的，我真的不明白在哪里添加它：

.authorizeRequests() .antMatchers( // Health status "/health", "/health/" ) .hasRole(HEALTH_CHECK_ROLE) .and() .httpBasic() .realmName(REALM_NAME) .authenticationEntryPoint(getBasicAuthEntryPoint()) .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

我发现这些资源很有帮助，但还不够：

http://www.baeldung.com/spring-security-basic-authentication http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/

I have a Spring Boot application with Spring Security. A new endpoint /health is to be configured so it is accessible via basic HTTP authentication. The current HttpSecurity configuration is as follows:

@Override protected void configure(HttpSecurity http) throws Exception { http.requestMatchers() .antMatchers(HttpMethod.OPTIONS, "/**") .and() .csrf() .disable() .authorizeRequests() .anyRequest() .permitAll() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}

How do I add base auth for /health? I figure I need something like this, but I don't think this is completely correct, and I don't really understand where exactly to add it:

.authorizeRequests() .antMatchers( // Health status "/health", "/health/" ) .hasRole(HEALTH_CHECK_ROLE) .and() .httpBasic() .realmName(REALM_NAME) .authenticationEntryPoint(getBasicAuthEntryPoint()) .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

I found these resources to be helpful, but not sufficient:

http://www.baeldung.com/spring-security-basic-authentication http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/

最满意答案

解决方案是实现多种配置，如下所述： https ： //docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity

The solution is to implement multiple configurations, as explained here: https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity

更多推荐