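I want to configure Spring Boot (embedded Tomcat) basic HTTP authentication with multiple roles, where most of the URLs are similar but a few are specific to each role. Here, for the first role, the basic HTTP authentication pop-up appears and works fine. With the code below, Spring Boot basic HTTP authentication with multiple roles throws a 403 Forbidden error: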
@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class TestSecurityAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests().antMatchers(null, getAppAdminRolePaths()).authenticated()
            .anyRequest().hasAnyRole("APPADMIN")
            .and()
            .httpBasic();

        http.csrf().disable()
            .authorizeRequests().antMatchers(null, getAppUserRolePaths()).authenticated()
            .anyRequest().hasAnyRole("APPUSER")
            .and()
            .httpBasic();

        http.authorizeRequests().antMatchers(null, new String[]{"/app/appOwnerView.html"}).authenticated()
            .anyRequest().hasAnyRole("APPOWNER")
            .and()
            .httpBasic();
    }

    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("appadminname").password("appadminpwd").roles("APPADMIN").and()
            .withUser("appusername").password("appuserpwd").roles("APPUSER").and()
            .withUser("appownername").password("appoownerpwd").roles("APPOWNER");
    }

    private static String[] getAppAdminRolePaths() {
        return new String[]{"/appweb/*",
            "/app/checkService.html",
            "/app/index.html",
            "/app/testData.html",
            "/app/adminView.html",
            "/app/demo.html"};
    }

    private static String[] getAppUserRolePaths() {
        return new String[]{"/appweb/*",
            "/app/checkService.html",
            "/app/index.html",
            "/app/testData.html",
            "/app/userView.html",
            "/app/demo.html"};
    }
}
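For the URL http://localhost:8080/app/index.html, the browser's HTTP username/password pop-up works fine with appadminname/appadminpwd. But for the same URL, if I enter appusername/appuserpwd, it throws an HTTP 403 Forbidden error. I am not sure why the second role configured here, APPUSER, throws this error. Please let us know if there is a way to resolve this.

Thanks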