Source code analysis of WebSecurityConfigurerAdapter and ResourceServerConfigurerAdapter

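Preface: WebSecurityConfigurerAdapter takes priority over ResourceServerConfigurer. It is used to protect the OAuth-related endpoints, and it mainly handles user login (form login, Basic auth).

WebSecurityConfigurerAdapter is the default HTTP configuration of Spring Security; ResourceServerConfigurerAdapter is the default HTTP configuration of Spring Security OAuth.

Part of the source is shown below, starting with the WebSecurityConfigurerAdapter class: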

@Order(100)
public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigurer<WebSecurity> {
    // Configures how users are authenticated
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // ......
    }
    // Configures web-level security settings
    protected void configure(WebSecurity web) throws Exception {
        // ......
    }
    // Configures the HTTP security rules of this filter chain
    protected void configure(HttpSecurity http) throws Exception {
        // ......
    }
}

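ResourceServerConfigurerAdapter source:

ResourceServerProperties defines its default order as SecurityProperties.ACCESS_OVERRIDE_ORDER - 1, which is greater than 100. A lower order value means higher priority, so the WebSecurityConfigurerAdapter configuration intercepts requests before the ResourceServerConfigurerAdapter configuration, and an HTTP configuration with higher priority can override one with lower priority.

If, in some specific cases, ResourceServerConfigurerAdapter needs to take priority over WebSecurityConfigurerAdapter, add the following to the configuration file: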

security.oauth2.resource.filter-order=99

Or override the order of the WebSecurityConfigurerAdapter configuration:

@Configuration
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
    // ......
}
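
The effect of the two order settings above can be seen in a small model. This is an added example, not Spring's code and not from the original post: it is a simplified model of ordered filter chains in which the first matching chain handles the request. The class ChainOrderDemo, the /api/ prefix, both matchers and the value 1000 are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.function.Predicate;

// Simplified model (not Spring code): chains are consulted in ascending order
// value, and the first chain whose matcher accepts the request handles it.
public class ChainOrderDemo {

    static final class Chain {
        final String name;
        final int order;
        final Predicate<String> matcher; // stands in for the chain's request matcher

        Chain(String name, int order, Predicate<String> matcher) {
            this.name = name;
            this.order = order;
            this.matcher = matcher;
        }
    }

    // Returns the name of the chain that would handle the given request path.
    static String handledBy(List<Chain> chains, String path) {
        List<Chain> sorted = new ArrayList<>(chains);
        sorted.sort(Comparator.comparingInt(c -> c.order));
        for (Chain c : sorted) {
            if (c.matcher.test(path)) {
                return c.name;
            }
        }
        return "none";
    }

    static List<Chain> chains(int webOrder, int resourceOrder) {
        List<Chain> list = new ArrayList<>();
        // Assumption: the web configuration matches every request.
        list.add(new Chain("web", webOrder, path -> true));
        // Assumption: the resource server is scoped to the constructed prefix /api/.
        list.add(new Chain("resource", resourceOrder, path -> path.startsWith("/api/")));
        return list;
    }

    public static void main(String[] args) {
        int high = 1000; // constructed stand-in for ACCESS_OVERRIDE_ORDER - 1 (any value > 100)
        System.out.println(handledBy(chains(100, high), "/api/orders"));      // default orders
        System.out.println(handledBy(chains(100, 99), "/api/orders"));        // filter-order=99
        System.out.println(handledBy(chains(100, 99), "/login"));             // path outside /api/
        System.out.println(handledBy(chains(high + 1, high), "/api/orders")); // web order overridden
    }
}
```

With the default orders the catch-all web chain answers the /api/ request, so the resource server rules are never consulted for it; either change above puts the resource chain first for that path.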