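I am writing a Spring application to serve mobile as well as web portal requests. I have added a Controller to handle the web portal requests and a RestController to handle the mobile requests. I have done all of this in a single project. How do I add two security policies in a Spring MVC application?
I have configured auth.xml for authentication and all.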
<security:http pattern="/api/**" entry-point-ref="restAuthenticationEntryPoint" use-expressions="true" auto-config="false" create-session="stateless" >
    <security:intercept-url pattern="/api/auth" access="permitAll" />
    <security:intercept-url pattern="/api/token" access="permitAll" />
    <security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
    <security:intercept-url pattern="/api/**" access="isAuthenticated()" />
    <security:logout />
</security:http>
<bean class="com.auth.TokenAuthenticationFilter"
      id="authenticationTokenProcessingFilter">
    <constructor-arg type="java.lang.String"><value>/api/**</value></constructor-arg>
</bean>
<!-- Code for REST API Authentication -->
<!-- create-session="stateless" -->
<security:http auto-config="false" use-expressions="true" entry-point-ref="ajaxAwareAuthenticationEntryPoint" disable-url-rewriting="true">
    <security:intercept-url pattern="/login" access="permitAll()" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter" />
    <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
    <security:logout logout-url="/logout" logout-success-url="/login.do" invalidate-session="true" />
    <security:remember-me services-ref="rememberMeService" />
    <security:session-management session-authentication-strategy-ref="sas" />
    <security:csrf disabled="true"/>
</security:http>
But I want to integrate Spring OAuth 2.0. Does anyone have any ideas on this?
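The configuration provided looks like Spring Security to me.. – Tobb
For your information, the author did not tag this with spring-security, which means he is not familiar with Spring Security – FaigB
That doesn't necessarily mean that; it could mean he doesn't know how to tag questions properly. The configuration provided in the question is still Spring Security configuration. – Tobb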