我有一个Spring模块A和B的以下场景:

  • module A - 具有单点登录安全设置的Spring模块,使用@ EnableOAuth2Sso,@ EnableWebSecurity(debug = true)和@Order(Ordered.HIGHEST_PRECEDENCE)

  • module B - Spring Boot应用程序,具有A依赖性,不使用任何安全配置 .

当我启动B时,我得到2个Filter链,第一个来自模块A,它用于SSO,第二个来自模块B并且是多余的:

  • ossweb.DefaultSecurityFilterChain:创建过滤器链:AnyRequestMatcher @ 1,[WebAsyncManagerIntegrationFilter @ 1407b93f,SecurityContextPersistenceFilter @ 38241615,OAuth2ClientContextFilter @ 31a8c3a3,HeaderWriterFilter @ 6bf2ecbb,LogoutFilter @ 6cc022ac,OAuth2ClientAuthenticationProcessingFilter @ 5aff8207,BasicAuthenticationFilter一样@ 42eaf47f,RequestCacheAwareFilter @ 42fc744,SecurityContextHolderAwareRequestFilter @ 6eeb15f9 ,AnonymousAuthenticationFilter @ 6a5a99d9,SessionManagementFilter @ 5955568,ExceptionTranslationFilter @ 74ec4df3,FilterSecurityInterceptor @ 6a577564]

  • ossweb.DefaultSecurityFilterChain:创建过滤器链:AnyRequestMatcher @ 1,[WebAsyncManagerIntegrationFilter @ 138110f8,SecurityContextPersistenceFilter @ 6278371a,HeaderWriterFilter @ 6b61a4b0,LogoutFilter @ 30623109,RequestCacheAwareFilter @ c6a1be2,SecurityContextHolderAwareRequestFilter @ 6a486afb,AnonymousAuthenticationFilter @ 4fe8ac61,SessionManagementFilter @ 5c00de0d,@的ExceptionTranslationFilter 32db94fb ]

Problems:

  • 如何禁用无用的默认过滤器链?
    模块A的

  • 调试标志 - @EnableWebSecurity(debug = true),在运行模块B时被忽略,我无法调试安全设置

  • 是否可以"extend" A链并在B中添加更多过滤器?

spring spring-boot spring-security