java - 基于 Hippo CMS 支持多个子站点的 Spring Security 配置

Question

我正在尝试使用基于 hippo cms 插件的 spring security。我在 hippo 内部创建了 3 个子站点，每个子站点都有登录。我应该如何配置 spring-security-context.xml 以支持多个子站点？所有子站点都将使用相同的身份验证提供程序。到目前为止，我已经配置了其中一个子站点。

<beans:beans xmlns="http://www.springframework.org/schema/security"
                     xmlns:beans="http://www.springframework.org/schema/beans"
                     xmlns:lang="http://www.springframework.org/schema/lang"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xmlns:util="http://www.springframework.org/schema/util"
                     xmlns:aop="http://www.springframework.org/schema/aop"
                     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                       http://www.springframework.org/schema/lang http://www.springframework.org/schema/beans/spring-lang-3.1.xsd
                       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
                       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
                       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- HTTP Security Configuration -->

<!-- HTTP Security Configuration -->
<http auto-config="true">
    <intercept-url pattern="/css/**" />
    <intercept-url pattern="/images/**" />
    <intercept-url pattern="/binaries/**" />
    <intercept-url pattern="/vop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
    <form-login login-page="/vop"
                            default-target-url="/vop/vop-mysurvey-page"
                            always-use-default-target="true" />
    <logout logout-url="/logout.jsp" logout-success-url="/vop"/>
</http>
<!--
    Authentication Manager configuration with Hippo Repository based Authentication Provider configuration ('hippoAuthenticationProvider').
    However, you can use any other authentication provider(s) if you don't need to authenticate users against Hippo Repository.
-->
<authentication-manager>
    <authentication-provider ref="hippoAuthenticationProvider"/>
</authentication-manager>

<!--
    Hippo Repository based Authentication Provider. This Authentication Provider provide authentication against Hippo Repository Security Store.
    If you don't need to authenticate users against Hippo Repository, you don't have to include the following bean.
-->
<beans:bean id="hippoAuthenticationProvider"
                        class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider">
</beans:bean>

例如我也想拥有<http auto-config="true"> <intercept-url pattern="/css/**" /> <intercept-url pattern="/images/**" /> <intercept-url pattern="/binaries/**" /> <intercept-url pattern="/erop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" /> <form-login login-page="/erop" default-target-url="/erop/mypage" always-use-default-target="true" /> <logout logout-url="/logout.jsp" logout-success-url="/erop"/> </http>

有任何想法吗？

score 1 · Accepted Answer

据我所知，spring 安全框架基于 servlet 过滤器，其配置似乎与 Web 应用程序上下文相关联。因此，我认为您目前不能在单个 Web 应用程序上下文中托管多个 Spring 安全上下文。

score 0 · Accepted Answer

Spring security 支持保护多个子站点。配置取决于您的子站点，无论它们是否使用单独的主机名。

当您的子站点在相同的主机名下运行时，您可以像这样配置它：

<http pattern="/vop/**" ... >
  ...
</http>

<http pattern="/erop/**" ... >
  ...
</http>

但是，如果您的子站点在不同的主机名上运行，则可能是 url 模式重叠。在这种情况下，您需要按主机名过滤，例如：

<bean id="vopMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
  <constructor-arg value="hasHeader('host','vop.com')"/>
</bean>

<bean id="eropMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
  <constructor-arg value="hasHeader('host','erop.com')"/>
</bean>

<http request-matcher-ref ="vopMatcher" ... >
  ...
</http>

<http request-matcher-ref ="eropMatcher" ... >
  ...
</http>

java - 基于 Hippo CMS 支持多个子站点的 Spring Security 配置

2 回答 2

Related

Reference