将 web.xml 安全约束与 Spring Boot 结合使用

我有一个特殊的情况，我需要使用应用程序服务器（Weblogic）安全上下文进行身份验证，但使用 Spring Security 进行授权。我在用Spring Boot创建我的应用程序。

如何添加如下所示的安全约束（通常包含在web.xml):

<security-constraint>
        <web-resource-collection>
            <web-resource-name>portal</web-resource-name>
            <description>This is the protected area of the application.</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>Requires users to be authenticated but does not require them to be authorized.</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>Encryption is not required for this area.</description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
</security-constraint>

请记住，我需要从我的Weblogic服务器和not Spring Security

您可以根据安全限制在 WEB-INF 中添加 web.xml。这将与 spring boot java 配置一起使用。

@ComponentScan   
@SpringBootApplication
public class Application extends SpringBootServletInitializer implements WebApplicationInitializer {

   public static void main(String[] args) {
      SpringApplication.run(Application.class, args);
   }

   @Override
   protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
      return builder.sources(Application.class);
   }
}

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         metadata-complete="false" version="3.0">

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>portal</web-resource-name>
            <description>This is the protected area of the application.</description>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>Requires users to be authenticated but does not require them to be authorized.</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>Encryption is not required for this area.</description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

</web-app>