Spring Security HttpSecurity configuration for different authentication methods

Question | Votes: 0 | Answers: 0

I am struggling to achieve this using SecurityFilterChain. Can anyone help me?

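With SecurityFilterChain, all URLs navigate to the Active Directory/Microsoft login.

Instead, only the login URL should navigate there, and the other URLs should navigate to the application.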

Requirements:

  1. /v1/login-management/signin should navigate to the Active Directory/Microsoft login
  2. /v1/user-management/** should navigate to the application login form

Here is what I have tried so far.

    @Bean
    @Order(1)
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {

        http.apply(AadWebApplicationHttpSecurityConfigurer.aadWebApplication())
                .and()
                .authorizeHttpRequests()
                .requestMatchers("/v1/login-management/signin").authenticated()
                .and()
                .csrf().disable();

        return http.build();
    }

    @Bean
    @Order(2)
    public SecurityFilterChain filterChainOther(HttpSecurity http) throws Exception {

        http
                .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeHttpRequests()
                .requestMatchers("/v1/user-management/**").authenticated() // Always navigating to Microsoft Login
                .and()
                .csrf().disable();

        http.authenticationProvider(customAuthenticationProvider);

        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }
java spring spring-boot spring-security spring-oauth2
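
Added example (not part of the original question and not the asker's code): in Spring Security 6.x a chain without a securityMatcher matches every request, so the @Order(1) chain above handles all URLs; scoping each chain to its own paths is one way to meet the two requirements. It assumes the Spring Cloud Azure 5.x package for the AAD configurer, Spring Security's default OAuth2 endpoint paths, and that beans named unauthorizedHandler, customAuthenticationProvider and authenticationJwtTokenFilter exist; the class name is hypothetical.

```java
import com.azure.spring.cloud.autoconfigure.implementation.aad.security.AadWebApplicationHttpSecurityConfigurer;
import jakarta.servlet.Filter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
public class ScopedSecurityConfig { // hypothetical class name

    // Chain 1: only the sign-in URL plus the OAuth2 endpoints (Spring Security
    // default paths, assumed unchanged) that the Microsoft redirect flow needs.
    @Bean
    @Order(1)
    public SecurityFilterChain aadChain(HttpSecurity http) throws Exception {
        http.securityMatcher("/v1/login-management/signin",
                "/oauth2/authorization/**", "/login/oauth2/code/**");
        http.apply(AadWebApplicationHttpSecurityConfigurer.aadWebApplication());
        // Session-based login: CSRF protection is left at its default (enabled).
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
        return http.build();
    }

    // Chain 2: application endpoints, stateless JWT; the AAD chain never sees them.
    @Bean
    @Order(2)
    public SecurityFilterChain apiChain(HttpSecurity http,
            AuthenticationEntryPoint unauthorizedHandler,
            AuthenticationProvider customAuthenticationProvider,
            Filter authenticationJwtTokenFilter) throws Exception {
        http.securityMatcher("/v1/user-management/**")
            .exceptionHandling(e -> e.authenticationEntryPoint(unauthorizedHandler))
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .csrf(csrf -> csrf.disable()) // no session cookie is issued on this chain
            .authenticationProvider(customAuthenticationProvider)
            .addFilterBefore(authenticationJwtTokenFilter,
                    UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

Requests that match neither securityMatcher are handled by no chain in this class, so any remaining paths need their own chain or an explicit deny-all chain at the lowest precedence.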