How to add additional requestMatchers in multiple SecurityFilterChain?

Question

Let's assume I am adding some security in Spring Boot 3 using the SecurityFilterChain @Bean multiple times.

The first @Bean looks as follows:

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
	http.authorizeHttpRequests(auth -> auth
		.requestMatchers("/api/core/**").permitAll()
		.anyRequest().authenticated()
	);

	return http.build();
}

While the second @Bean is supposed to add additional requestMatchers

@Bean
public SecurityFilterChain filterChainAdditional(HttpSecurity http) throws Exception {
	http.authorizeHttpRequests(auth -> auth
		.requestMatchers("/api/module2/**").permitAll()
		.anyRequest().authenticated()
	);

	return http.build();
}

Unfortunately, the second method filterChainAdditional is correctly called in the expected order.
But it does not extend the requestMatchers.

Even more curious in the second bean all requestMatchers seem to be unavailable in the HttpSecurity context.

Does anyone have an idea how to solve this properly?

Answer 1

Score: 2

As I understand it, SecurityFilterChain beans do not merge requestMatchers; they just execute matched filters.

Option that may work (didn't check):

@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http
        .securityMatcher("/api/core/**")
        .authorizeHttpRequests(auth -> auth
            .requestMatchers("/api/core/**").permitAll()
            .anyRequest().authenticated()
        );

    return http.build();
}

@Bean
public SecurityFilterChain filterChainAdditional(HttpSecurity http) throws Exception {
    http
        .securityMatcher("/api/module2/**")
        .authorizeHttpRequests(auth -> auth
            .requestMatchers("/api/module2/**").permitAll()
            .anyRequest().authenticated()
        );

    return http.build();
}
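
An added example (not part of the original answer, and not code from the Spring project): Spring Security applies only the first SecurityFilterChain whose matcher accepts the request, so each chain needs its own securityMatcher and an explicit order. Once chains are scoped this way, a request outside every securityMatcher matches no chain at all, which is why this sketch adds a catch-all chain last. The class name `ApiSecurityConfig`, the bean names and the choice of HTTP Basic are assumptions; the paths are the ones from the question.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical class name; the paths are the ones from the question.
@Configuration
@EnableWebSecurity
public class ApiSecurityConfig {

    // Chain 1: only sees requests under /api/core/**.
    @Bean
    @Order(1)
    public SecurityFilterChain coreChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/api/core/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        return http.build();
    }

    // Chain 2: only sees requests under /api/module2/**.
    @Bean
    @Order(2)
    public SecurityFilterChain module2Chain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/api/module2/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        return http.build();
    }

    // Chain 3: no securityMatcher, so it matches every request the scoped
    // chains above did not claim. Without it, paths outside the two prefixes
    // would match no chain and pass through without any security filters.
    @Bean
    @Order(3)
    public SecurityFilterChain fallbackChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Assumption: HTTP Basic as the login mechanism; use whatever the app needs.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

The scoped chains can live in separate @Configuration classes (one per module) as long as their @Order values stay lower than the catch-all chain's.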

huangapple
  • Posted on March 3, 2023, 18:29:17
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75625901.html