@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Configuration
@Order(1)
public static class App1ConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/my/**", "/account/**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.and().formLogin().loginPage("/login");
}
}
@Configuration
@Order(2)
public static class App2ConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
.and().formLogin().loginPage("/adminlogin");
}
}
}
這應該是兩種不同的登錄表單。我的問題是沒有顯示最高級別/ adminlogin的那個。我知道爲什麼?請幫忙。該代碼是從Spring boot - how to configure multiple login pages?春季開機和彈簧安全多登錄頁面
繼索菲亞的建議我嘗試這樣做:
@Configuration
@Order(2)
public static class UserConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatcher(new AntPathRequestMatcher("/my/**"))
.csrf().disable()
.authorizeRequests().antMatchers("/my/**").access("hasRole('ROLE_USER')")
.and().formLogin().loginPage("/login");
}
}
@Configuration
@Order(1)
public static class AdminConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatcher(new AntPathRequestMatcher("/admin/**"))
.csrf().disable()
.authorizeRequests().antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
.and().formLogin().loginPage("/adminlogin");
}
}
但在這兩種情況下/登錄被稱爲
當我進入例子http://docs.spring.io/spring- security/site/docs/current/reference/html/jc.html#multiple-httpsecurity我得到這個異常:java.lang.IllegalStateException:WebSecurityConfigurers上的@Order必須是唯一的。 100的順序已經用於... FormLoginWebSecurityConfigurerAdapter ... – ropo