Wednesday, 18 March 2015

Spring Security ignoring multiple HTTP configurations

I have been working on a web app with Spring Security that has some complex requirements (support for both database and LDAP authentication, login page and API), which I have mostly figured out except for one thing which I just can't get: handling multiple http. I'm doing everything in Java, no web.xml. With Spring debugging on, it recognizes all three, but it appears to only be comparing the request against the first http and then moving on. Here is my code:


AppConfig.java



@Configuration
@ComponentScan( { "com.mydomain.security" } )
@Import( { SecurityConfig.class } )
public class AppConfig{
    ...
}


SecurityConfig.java



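import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SecurityConfig{

    @Autowired
    Config cfg;

    @Autowired
    LdapContextSource ldapContextSource;

    @Autowired
    @Qualifier( "authenticationProviderDB" )
    AuthenticationProvider authenticationProviderDB;

    @Autowired
    @Qualifier( "authenticationProviderLDAP" )
    AuthenticationProvider authenticationProviderLDAP;

    @Autowired
    @Qualifier( "persistentRememberMeServices" )
    static RememberMeServices persistentRememberMeServices;

    @Autowired
    @Qualifier( "tokenRepository" )
    CustomTokenRepository tokenRepository;

    // Providers are consulted in registration order: LDAP first, then the database.
    @Autowired
    public void configureGlobal( AuthenticationManagerBuilder auth )throws Exception{
        auth.authenticationProvider( authenticationProviderLDAP );
        auth.authenticationProvider( authenticationProviderDB );
    }

    // REST API configuration: HTTP Basic authentication.
    @Configuration
    @Order( 1 )
    public static class RestWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter{
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers( "/api/**" ).hasRole("ROLE_USER").and().httpBasic()
                .and().exceptionHandling().accessDeniedPage( "/security/api" );
        }
    }

    // Web UI configuration: form login with remember-me.
    @Configuration
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter{
        @Override
        protected void configure( HttpSecurity http )throws Exception{
            http.authorizeRequests().antMatchers( "/**" ).hasRole("ROLE_USER")
                .and().formLogin().loginPage( "/security/login" ).failureUrl( "/security/login?error" ).usernameParameter( "username" ).passwordParameter( "password" )
                .loginProcessingUrl("/j_spring_valuehere")
                .and().rememberMe().rememberMeServices( persistentRememberMeServices ).key( "key" )
                .and().addFilterBefore( (Filter)new CustomErrorHandlerFilter(), RememberMeAuthenticationFilter.class)
                .csrf().disable();
        }
    }
}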


Logs



8075 [http-bio-8080-exec-3] DEBUG org.springframework.security.web.FilterChainProxy - /index.jsp at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
8076 [http-bio-8080-exec-3] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/index.jsp'; against '/security/**'
8076 [http-bio-8080-exec-3] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
8077 [http-bio-8080-exec-3] DEBUG org.springframework.security.web.FilterChainProxy - /index.jsp reached end of additional filter chain; proceeding with original chain


Any help as to what I may be missing is greatly appreciated.
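
For reference, `FilterChainProxy` applies only the first filter chain whose matcher accepts the request, and `http.authorizeRequests().antMatchers(...)` sets rules inside a chain without limiting which requests that chain receives. The following is an added example, not code from the original post: it scopes the API chain with `http.antMatcher("/api/**")` so other requests reach the form-login chain. The class names are hypothetical, and the authentication providers are assumed to be registered as in the `configureGlobal` method above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class ScopedSecurityConfig { // hypothetical class name

    // Chain 1: claims only /api/**. http.antMatcher(...) sets the request
    // matcher of the whole filter chain, so any other path is not handled
    // here and falls through to the next chain.
    @Configuration
    @Order(1)
    public static class ApiSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")
                .authorizeRequests()
                    .anyRequest().hasRole("USER") // hasRole() prepends "ROLE_"
                    .and()
                .httpBasic();
        }
    }

    // Chain 2: no chain-level matcher, so it accepts every request that
    // chain 1 did not claim. Without @Order it is evaluated last.
    @Configuration
    public static class FormSecurity extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().hasRole("USER")
                    .and()
                .formLogin()
                    .loginPage("/security/login")
                    .failureUrl("/security/login?error")
                    .permitAll(); // login page and failure URL stay reachable
        }
    }
}
```

With debug logging on, a request for `/index.jsp` should then show the `/api/**` chain being skipped before the second chain's filters fire.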

