我的网络.xml看起来像:
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Role</role-name>
</auth-constraint>
</security-constraint>
这可以保护每一方免受授权,但我想排除/info。这可能吗?
省略不需要身份验证的资源的元素,如下所示:<auth-constraint><security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/info</url-pattern>
</web-resource-collection>
<!-- OMIT auth-constraint -->
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>app</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Role</role-name>
</auth-constraint>
</security-constraint>
如果您正在寻找带有Spring引导解决方案的钥匙斗篷,请尝试在应用程序属性文件中这样做:
keycloak.security-constraints[0].authRoles[0]=users
keycloak.security-constraints[0].security-collections[0].patterns[0]=/*
keycloak.security-constraints[1].security-collections[0].patterns[0]=/info
这将对除 /info 之外的所有 URL 应用安全性
