我正在寫Spring應用程序來服務移動以及Web門戶請求。 我已經添加了控制器來處理Web門戶請求和RestController來處理移動請求。這是我在單個項目中完成的所有事情。如何在Spring MVC應用程序中添加兩個安全策略?
我已將auth.xml配置爲驗證和全部。
<security:http pattern="/api/**" entry-point-ref="restAuthenticationEntryPoint" use-expressions="true" auto-config="false" create-session="stateless" >
<security:intercept-url pattern="/api/auth" access="permitAll" />
<security:intercept-url pattern="/api/token" access="permitAll" />
<security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
<security:intercept-url pattern="/api/**" access="isAuthenticated()" />
<security:logout />
</security:http>
<bean class="com.auth.TokenAuthenticationFilter"
id="authenticationTokenProcessingFilter">
<constructor-arg type="java.lang.String"><value>/api/**</value></constructor-arg>
</bean>
<!-- Code for REST API Authentication -->
<!-- create-session="stateless" -->
<security:http auto-config="false" use-expressions="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint" disable-url-rewriting="true">
<security:intercept-url pattern="/login" access="permitAll()" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter" />
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
<security:logout logout-url="/logout" logout-success-url="/login.do" invalidate-session="true" />
<security:remember-me services-ref="rememberMeService" />
<security:session-management session-authentication-strategy-ref="sas" />
<security:csrf disabled="true"/>
</security:http>
但我想整合Spring OAuth 2.0。 任何人都可以有同樣的想法嗎?
所提供的配置看起來像春天的安全性我.. – Tobb
爲了您的信息不作者標記有春天的安全,這意味着他不熟悉的Spring Security – FaigB
這並不一定意味着問題,這可能意味着他不知道如何正確標記問題。問題中提供的配置仍然是Spring安全配置。 – Tobb