我有一个带有 Spring Security 的 Spring Boot 应用程序。一个新的端点/health
进行配置,以便可以通过基本 HTTP 身份验证进行访问。目前的HttpSecurity
配置如下:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.requestMatchers()
.antMatchers(HttpMethod.OPTIONS, "/**")
.and()
.csrf()
.disable()
.authorizeRequests()
.anyRequest()
.permitAll()
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
如何添加基本身份验证/health
?我想我需要这样的东西,但我认为这并不完全正确,而且我真的不明白到底在哪里添加它:
.authorizeRequests()
.antMatchers(
// Health status
"/health",
"/health/"
)
.hasRole(HEALTH_CHECK_ROLE)
.and()
.httpBasic()
.realmName(REALM_NAME)
.authenticationEntryPoint(getBasicAuthEntryPoint())
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
我发现这些资源很有帮助,但还不够:
- http://www.baeldung.com/spring-security-basic-authentication http://www.baeldung.com/spring-security-basic-authentication
- http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/ http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/
解决方案是实现多个配置,如下所述:https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#multiple-httpsecurity
编辑 2021 年 12 月 11 日:
存档参考链接:https://web.archive.org/web/20210126145444/https://docs.spring.io/spring-security/site/docs/current/reference/html5/#multiple-httpsecurity https://web.archive.org/web/20210126145444/https://docs.spring.io/spring-security/site/docs/current/reference/html5/#multiple-httpsecurity
链接到示例的类似问题如下:https://stackoverflow.com/a/18864786/1568224 https://stackoverflow.com/a/18864786/1568224
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)