1. 首頁
  2. 問答
  3. 如何用Spring Security和SSL忽略一些路徑?

如何用Spring Security和SSL忽略一些路徑?

2016-11-08 26 views
0

這是我的Spring配置:如何用Spring Security和SSL忽略一些路徑?

import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.builders.WebSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.config.http.SessionCreationPolicy; 
import org.springframework.security.core.authority.AuthorityUtils; 
import org.springframework.security.core.userdetails.User; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 

@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
public class X509Configuration extends WebSecurityConfigurerAdapter { 

    @Override 
    public void configure(WebSecurity web) throws Exception { 
     web.ignoring().antMatchers("/ws/items.wsdl"); 
    } 

    @Override 
    public void configure(final HttpSecurity http) throws Exception { 
     http 
      .sessionManagement() 
       .sessionCreationPolicy(SessionCreationPolicy.NEVER) 
       .and() 
      .authorizeRequests() 
       .antMatchers("/ws/items.wsdl").permitAll() 
       .and() 
      // require authorization for everything else 
      .authorizeRequests() 
       .anyRequest().authenticated() 
       .and() 
      .x509() 
       .subjectPrincipalRegex("CN=(.*?)(?:,|$)") 
       .userDetailsService(userDetailsService()) 
       .and() 
      .csrf().disable() 

      // configure form login 
      .formLogin().disable() 

      // configure logout 
      .logout().disable(); 
    } 

    @Bean 
    public UserDetailsService userDetailsService() { 
     return new UserDetailsService() { 
      @Override 
      public UserDetails loadUserByUsername(String username) { 
       if (username.equals("cid")) { 
        return new User(username, "", 
         AuthorityUtils 
           .commaSeparatedStringToAuthorityList("ROLE_USER")); 
       } 
       throw new UsernameNotFoundException("User not found!"); 
      } 
     }; 
    } 
}

這些SSL設置:

server: 
    port: 8443 
    ssl: 
    enabled: true 
    key-store: 'classpath:keystore.jks' 
    key-store-password: 'changeit' 
    key-password: 'changeit' 
    trust-store: 'classpath:truststore.jks' 
    trust-store-password: 'changeit' 
    client-auth: need

我想是忽略SSL或允許我所有的WSDL網站。 但使用此配置它不起作用。我收到以下錯誤:

http https://localhost:8443/ws/items.wsdl http: error: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645) while doing GET request to URL: https://localhost:8443/ws/items.wsdl

我不想使用ca簽名證書。 (使用簽名的證書纔有效。) 我該怎麼做?我有什麼選擇?

來源

2016-11-08 user1648825

+0

不,我只有https連接器,並希望允許我的WSDL不安全。如果它不起作用,我可以打開一個新的HTTP連接,如http://stackoverflow.com/a/36623801/1648825中所述。 – user1648825

+0

你能解決你的問題嗎?我現在正是這種情況。 – ram

回答

-1

刪除此:

.authorizeRequests() 
       .antMatchers("/ws/items.wsdl").permitAll()

web配置是說忽略路徑,但你的HTTP安全的話語,併發出請求到該路徑經過身份驗證。

來源

2016-11-08 19:45:17 Gandalf

+0

它沒有幫助。在瀏覽器中,我得到'localhost:8443使用了一個無效的安全證書。證書不可信,因爲它是自簽名的。錯誤代碼:SEC_ERROR_UNKNOWN_ISSUER' 和http cli: 'http https:// localhost:8443/ws/items.wsdl'' http:錯誤:SSLError:[SSL:CERTIFICATE_VERIFY_FAILED]證書驗證失敗(_ssl.c:645)同時對URL進行GET請求:https:// localhost:8443/ws/items.wsdl' – user1648825

相關問題

 相關問題