我在这里找到了解决方案:https :
//blog.precentric.de/en/2012/07/spring-security-two-security-realms-in-one-
application/
这篇文章详细介绍了我想做的事情。
技巧似乎是添加
pattern="/provider/**"到其余的http元素中。因此,正确的休息安全性配置为:
<security:http create-session="stateless" entry-point-ref="digestEntryPoint" pattern="/provider/**" use-expressions="true"> <security:intercept-url pattern="/provider/**" access="isAuthenticated()" /> <security:http-basic /> <security:custom-filter ref="digestFilter" after="BASIC_AUTH_FILTER" /></security:http>
