java-Spring安全配置;基本身份验证和SiteMinder
我有一个SpringBootWeb应用程序,它提供web内容并公开REST服务。web内容由SiteMinder保护,其余服务由“基本身份验证”保护
I使用弹簧安全4.2.3。我的Java代码正在扩展WebSecurityConfigureAdapter类,我的configure(HttpSecurity)方法如下所示:
@Override
protected void configure(HttpSecurity http) throws Exception {
RequestHeaderAuthenticationFilter siteMinderFilter = new RequestHeaderAuthenticationFilter();
siteMinderFilter.setAuthenticationManager(authenticationManager());
http
// Error page is for everyone
.authorizeRequests()
.antMatchers("/error.html")
.permitAll()
.anyRequest()
.anonymous()
// Basic Auth for our REST services
.and()
.authorizeRequests()
.antMatchers("/services/**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic()
.authenticationEntryPoint(authenticationEntryPoint)
// Site-Minder protection for the web content
.and()
.addFilter(siteMinderFilter)
.authorizeRequests()
.antMatchers("/**").permitAll()
.anyRequest().hasRole(ApplicationConstants.SITE_MINDER_AUTHORITY);
http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
}
我的配置有问题吗?我的配置是否创建了三个单独的过滤器?也许我的问题应该是,如何创建这三个过滤器
当我尝试使用PostMan/“Basic Auth”调用REST服务时,会收到错误消息:
org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: SM_USER header not found in request.
我希望服务会被调用,相反,我会启动SiteMinder过滤器
共 (0) 个答案