java - Spring Security配置支持基于Hippo CMS的多个子站点

我正在尝试使用基于河马cms插件的spring security。我在河马内部创建了3个子站点，每个子站点都具有登录名。我应该如何配置spring-security-context.xml以支持多个子站点？所有子站点将使用相同的身份验证提供程序。到目前为止，我已经配置了一个子站点。

<beans:beans xmlns="http://www.springframework.org/schema/security"
                     xmlns:beans="http://www.springframework.org/schema/beans"
                     xmlns:lang="http://www.springframework.org/schema/lang"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xmlns:util="http://www.springframework.org/schema/util"
                     xmlns:aop="http://www.springframework.org/schema/aop"
                     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                       http://www.springframework.org/schema/lang http://www.springframework.org/schema/beans/spring-lang-3.1.xsd
                       http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
                       http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
                       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- HTTP Security Configuration -->

<!-- HTTP Security Configuration -->
<http auto-config="true">
    <intercept-url pattern="/css/**" />
    <intercept-url pattern="/images/**" />
    <intercept-url pattern="/binaries/**" />
    <intercept-url pattern="/vop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />
    <form-login login-page="/vop"
                            default-target-url="/vop/vop-mysurvey-page"
                            always-use-default-target="true" />
    <logout logout-url="/logout.jsp" logout-success-url="/vop"/>
</http>
<!--
    Authentication Manager configuration with Hippo Repository based Authentication Provider configuration ('hippoAuthenticationProvider').
    However, you can use any other authentication provider(s) if you don't need to authenticate users against Hippo Repository.
-->
<authentication-manager>
    <authentication-provider ref="hippoAuthenticationProvider"/>
</authentication-manager>

<!--
    Hippo Repository based Authentication Provider. This Authentication Provider provide authentication against Hippo Repository Security Store.
    If you don't need to authenticate users against Hippo Repository, you don't have to include the following bean.
-->
<beans:bean id="hippoAuthenticationProvider"
                        class="org.onehippo.forge.security.support.springsecurity.authentication.HippoAuthenticationProvider">
</beans:bean>

例如，我还想拥有

<http auto-config="true">        <intercept-url pattern="/css/**" />        <intercept-url pattern="/images/**" />        <intercept-url pattern="/binaries/**" />        <intercept-url pattern="/erop/**" access="IS_AUTHENTICATED_ANONYMOUSLY, ROLE_everybody" />        <form-login login-page="/erop"                                default-target-url="/erop/mypage"                                always-use-default-target="true" />        <logout logout-url="/logout.jsp" logout-success-url="/erop"/>    </http>

有任何想法吗？

最佳答案

Spring Security支持保护多个子站点。无论子站点是否使用单独的主机名，配置都取决于您的子站点。

当您的子站点以相同的主机名运行时，可以按以下方式进行配置：

<http pattern="/vop/**" ... >
  ...
</http>

<http pattern="/erop/**" ... >
  ...
</http>

但是，如果您的子站点在不同的主机名上运行，则可能是URL模式重叠。在这种情况下，您需要按主机名进行过滤，例如：

<bean id="vopMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
  <constructor-arg value="hasHeader('host','vop.com')"/>
</bean>

<bean id="eropMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
  <constructor-arg value="hasHeader('host','erop.com')"/>
</bean>

<http request-matcher-ref ="vopMatcher" ... >
  ...
</http>

<http request-matcher-ref ="eropMatcher" ... >
  ...
</http>