我試圖將XML中的實際安全配置傳遞給Java，但我不知道為什么在兩個過濾器中有兩個UserdetailsService，過濾器總是使用相同的UserdetailsService。

XML配置：

auto-config="false">

auto-config="false">

auto-config="false">

Java配置：

@EnableWebSecurity

public class SecurityConfig {

@Autowired

private CustomUserAppDetailsService customUserAppDetailsService;

@Autowired

private CustomRefreshTokenAppDetailsService customRefreshTokenAppDetailsService;

@Autowired

private CustomAccessTokenAppDetailsService customAccessTokenAppDetailsService;

@Bean

public TokenAuthenticationEntryPoint tokenAuthenticationEntryPoint(){

return new TokenAuthenticationEntryPoint();

}

@Configuration

@Order(1)

public class RefreshTokenSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Bean

public AuthenticationManager refresTokenAuthenticationManager() throws Exception {

return super.authenticationManagerBean();

}

@Bean

public RefreshTokenAuthenticationFilter refreshTokenAuthenticationFilter(){

return new RefreshTokenAuthenticationFilter();

}

@Override

protected void configure(HttpSecurity http) throws Exception {

DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider ();

authenticationProvider.setUserDetailsService(customRefreshTokenAppDetailsService);

http

.csrf().disable()

.antMatcher("/v1/Login/refresh/**")

.userDetailsService(customRefreshTokenAppDetailsService)

.sessionManagement()

.sessionCreationPolicy(SessionCreationPolicy.STATELESS)

.and()

.exceptionHandling()

.authenticationEntryPoint(tokenAuthenticationEntryPoint())

.and()

.authorizeRequests()

.antMatchers("/v1/Login/refresh/**").access("hasRole('ROLE_USER')")

.and()

.requiresChannel()

.antMatchers("/v1/Login/refresh/**").requiresSecure()

.and()

.addFilterBefore(refreshTokenAuthenticationFilter(), BasicAuthenticationFilter.class);

}

}

@Configuration

@Order(2)

public class LoginSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Override

protected void configure(HttpSecurity http) throws Exception {

DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider ();

authenticationProvider.setUserDetailsService(customUserAppDetailsService);

authenticationProvider.setPasswordEncoder(new Md5PasswordEncoder());

http

.csrf().disable()

.antMatcher("/v1/Login/**")

.authenticationProvider(authenticationProvider)

.sessionManagement()

.sessionCreationPolicy(SessionCreationPolicy.STATELESS)

.and()

.authorizeRequests().antMatchers("/v1/Login/**").access("hasRole('ROLE_USER')")

.and()

.requiresChannel().antMatchers("/v1/Login/**").requiresSecure()

.and()

.httpBasic();

}

}

@Configuration

@Order(3)

public class UsuarioSecurityConfiguration extends WebSecurityConfigurerAdapter {

@Bean

public TokenAuthenticationFilter tokenAuthenticationEmpresaFilter() throws Exception {

TokenAuthenticationFilter tokenAuthenticationFilter = new TokenAuthenticationFilter();

tokenAuthenticationFilter.setAuthenticationManager(super.authenticationManager());

return tokenAuthenticationFilter;

}

@Override

protected void configure(HttpSecurity http) throws Exception {

DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider ();

authenticationProvider.setUserDetailsService(customAccessTokenAppDetailsService);

http

.csrf().disable()

.antMatcher("/v1/UsuarioEmpresa/**")

.authenticationProvider(authenticationProvider)

.userDetailsService(customAccessTokenAppDetailsService)

.sessionManagement()

.sessionCreationPolicy(SessionCreationPolicy.STATELESS)

.and()

.exceptionHandling()

.authenticationEntryPoint(tokenAuthenticationEntryPoint())

.and()

.authorizeRequests()

.antMatchers("/v1/UsuarioEmpresa/**").access("hasRole('ROLE_USER')")

.and()

.requiresChannel()

.antMatchers("/v1/UsuarioEmpresa/").requiresSecure()

.antMatchers("/v1/UsuarioEmpresa/**").requiresSecure()

.and()

.addFilterBefore(tokenAuthenticationEmpresaFilter(), BasicAuthenticationFilter.class);

}

}

}出于某種原因，http配置(順序1和3)均使用customRefreshTokenAppDetailsService?？偸鞘褂玫谝粋€http的UserDetailsService。

總結

以上是生活随笔為你收集整理的details在Java中_Spring安全性在Java配置中使用两个自定义UserDetailsS​​ervices的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。