How to configure multiple HttpSecurity in Spring Security?

background

In the previous article, we only configured one HttpSecurity. If the business is more complicated, we can also configure multiple HttpSecurity to achieve multiple extensions to WebSecurityConfigurerAdapter.

Spring Security configures multiple HttpSecurity
Spring Security supports the configuration of multiple HttpSecurity, examples are as follows:

Step 1: Normally configure authentication; br/> Step 2: Create an instance of WebSecurityConfigurerAdapter containing @Order to specify which WebSecurityConfigurerAdapter should be considered first.
The third step: http.antMatcher declares that this HttpSecurity will only apply to URLs beginning with /api/.
Step 4: Create another instance of WebSecurityConfigurerAdapter. If the URL does not start with /api/, this configuration will be used. This configuration is considered after ApiWebSecurityConfigurationAdapter because it has an @Order value after 1 (@Order defaults to last).

Spring Security configures multiple HttpSecurity principles.
We know that the core of Spring Security is springSecurityFilterChain. When initializing the bean, load the configuration:

call the init() method of various implementation classes of WebSecurityConfigurerAdapter:

The getHttp() method obtains the configuration information.
Note: The method to carry multiple configurations is here: AbstractConfiguredSecurityBuilder.java

to sum up

HttpSecurity uses builder mode to create, the code looks more elegant. When configuring multiple HttpSecurity, MultiHttpSecurityConfig does not need to inherit WebSecurityConfigurerAdapter, but create a static inner class in MultiHttpSecurityConfig to inherit WebSecurityConfigurerAdapter. Note: @Configuration annotations and @Order annotations are added to the static inner class. The @Order annotation indicates the priority of the configuration. The smaller the number, the greater the priority, and the configuration without the @Order annotation has the lowest priority.