2016-07-28 107 views

我想弄清楚如何用 Spring Security 做到以下這件事:一個網址以用戶名/密碼允許訪問,其他網址則依來源 IP 地址允許訪問。

我需要讓某個端點 /webhooks/ 可以從外部訪問,但要用 HTTP Basic 用戶名/密碼保護它。在所有其他端點上,訪問必須受到限制,只有某些子網例外。

這是我到目前爲止寫出的配置。它不起作用,因爲所有請求都被拒絕了。

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.beans.factory.annotation.Value; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.PropertySource; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

/** 
* Created on 27 July 2016 @ 1:49 PM 
* Component for project "security" 
*
* Question version of the configuration, reported by its author as denying
* every request. Intended policy: {@code /webhooks/} reachable from anywhere
* with a username/password, every other URL reachable only from the listed
* subnets.
*/ 
@Configuration 
@EnableWebSecurity 
@PropertySource("classpath:/test.properties") 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 
    // Webhook credentials, injected from classpath:/test.properties.
    @Value("${test.webhooks.username}") 
    private String username; 
    @Value("${test.webhooks.password}") 
    private String password; 

    /**
     * Declares the URL authorization rules on a single HttpSecurity chain.
     *
     * Why this denies more than intended: Spring Security consults the
     * matchers in declaration order and applies the first one that matches
     * the request, so the repeated {@code "/**"} entries do not combine as
     * an OR.
     *
     * @param http the HttpSecurity builder supplied by the framework
     * @throws Exception propagated from the builder calls
     */
    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
       .authorizeRequests() 

         // Requires an authenticated caller, but this chain never enables
         // httpBasic() or formLogin(), so no credentials are ever read.
         // The pattern has no wildcard: only the exact path "/webhooks/" matches.
         .antMatchers("/webhooks/").authenticated() 
       .and().authorizeRequests() 
         // First "/**" rule: it matches every remaining request, so it alone
         // decides them; clients outside 10.0.0.0/8 are rejected here.
         .antMatchers("/**").hasIpAddress("10.0.0.0/8") 
         // The rules below use the same pattern and are therefore shadowed
         // by the rule above.
         .antMatchers("/**").hasIpAddress("172.16.0.0/16") 
         .antMatchers("/**").hasIpAddress("192.168.1.0/24") 
         // NOTE(review): 172.0.0.0/8 covers 172.0.0.0-172.255.255.255, most of
         // which is publicly routable; the RFC 1918 block is 172.16.0.0/12.
         .antMatchers("/**").hasIpAddress("172.0.0.0/8") 
         .antMatchers("/**").denyAll() 
     ; 

    } 

    /**
     * Registers one in-memory user built from the injected username and
     * password, with the role WEBHOOKS_ACCESS.
     *
     * @param authenticationManagerBuilder builder injected by Spring
     * @throws Exception propagated from the builder calls
     */
    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception { 
     authenticationManagerBuilder 
       .inMemoryAuthentication() 
         .withUser(username).password(password).roles("WEBHOOKS_ACCESS") 
     ; 
    } 
} 

非常感謝任何幫助!我也不確定這樣鏈式調用 antMatchers 本身是否正確。

回答


好的,我找到做法了。不確定這是不是「Spring 的方式」,但看起來可行。歡迎任何建議。

所以我的新類如下所示:

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.beans.factory.annotation.Value; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.context.annotation.PropertySource; 
import org.springframework.core.annotation.Order; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 

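/**
 * Created on 27 July 2016 @ 1:49 PM
 * Component for project "security"
 *
 * Splits the access policy across two ordered WebSecurityConfigurerAdapter
 * instances, each scoped to its own URL pattern: HTTP Basic with a role check
 * for {@code /webhooks/}, and a source-IP allow-list for everything else.
 * The adapter with the lower {@code @Order} value is consulted first.
 */
@Configuration
@EnableWebSecurity
@PropertySource("classpath:/security.properties")
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // Webhook credentials, injected from classpath:/security.properties.
    // NOTE(review): the password is read and registered as plain text; keep the
    // properties file out of version control and restrict who can read it.
    @Value("${security.webhooks.username}")
    private String username;
    @Value("${security.webhooks.password}")
    private String password;

    /**
     * Chain 1: the externally reachable webhook endpoint, protected by HTTP Basic.
     */
    @Configuration
    @Order(1)
    public static class WebHookSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        /**
         * Requires the WEBHOOKS_ACCESS role on the webhook endpoint.
         *
         * @param http the HttpSecurity builder supplied by the framework
         * @throws Exception propagated from the builder calls
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // The pattern has no wildcard, so only the exact path "/webhooks/" is
            // handled here; any sub-path falls through to the IP-restricted chain.
            http.antMatcher("/webhooks/")
                .authorizeRequests()
                    .anyRequest().hasRole("WEBHOOKS_ACCESS")
                    .and()
                // HTTP Basic sends the credentials merely base64-encoded on every
                // request, so this endpoint should only be exposed over TLS.
                .httpBasic()
                    .and()
                // CSRF protection is switched off for this chain only; the webhook
                // caller authenticates with a header rather than a browser session.
                .csrf().disable();
        }
    }

    /**
     * Chain 2: every other URL, allowed only from the listed source addresses.
     */
    @Configuration
    @Order(2)
    public static class InternalSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        /**
         * Grants access when the client address is inside any listed range.
         *
         * @param http the HttpSecurity builder supplied by the framework
         * @throws Exception propagated from the builder calls
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // A single access() expression ORs the ranges together, instead of
            // repeating the same pattern once per range.
            //
            // NOTE(review): 172.0.0.0/8 covers 172.0.0.0-172.255.255.255, most of
            // which is publicly routable (the RFC 1918 block is 172.16.0.0/12), and
            // it already contains 172.16.0.0/16. Confirm the wide range is intended.
            //
            // NOTE(review): hasIpAddress checks the address of the direct TCP peer.
            // Behind a reverse proxy or load balancer that is the proxy's address,
            // so every client would look internal unless the container is set up
            // to restore the real client address from a trusted proxy.
            http.antMatcher("/**")
                .authorizeRequests()
                    .anyRequest()
                    .access("hasIpAddress('10.0.0.0/8') or hasIpAddress('172.16.0.0/16') or hasIpAddress('192.168.1.0/24') or hasIpAddress('172.0.0.0/8') or hasIpAddress('127.0.0.1')");
        }
    }

    /**
     * Registers one in-memory user built from the injected username and
     * password, with the role WEBHOOKS_ACCESS checked by the webhook chain.
     *
     * @param authenticationManagerBuilder builder injected by Spring
     * @throws Exception propagated from the builder calls
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        // NOTE(review): written for the 2016-era API; Spring Security 5 and later
        // expect a PasswordEncoder (or an encoded password) for this user.
        authenticationManagerBuilder
            .inMemoryAuthentication()
                .withUser(username).password(password).roles("WEBHOOKS_ACCESS");
    }
}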

這是我從這份文檔(this documentation)中找到的做法。希望這可以幫助別人!