Question

我有以下spring-security配置：

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

<http use-expressions="true">
    <intercept-url pattern="/edit/**" access="hasRole('EDITOR')" />
    <form-login login-page="/login" authentication-failure-url="/loginfailed" />
    <logout logout-success-url="/" delete-cookies="JSESSIONID" />
    <remember-me user-service-ref="userDetailsService"/>
</http>

<b:bean id="encoder"
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
        <password-encoder ref="encoder" />
    </authentication-provider>
</authentication-manager>
</b:beans>

我正在尝试将其迁移到基于注释的配置：

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests().antMatchers("/edit/**").hasRole("EDITOR").and()
                .logout().logoutSuccessUrl("/").deleteCookies("JSESSIONID").and()
                .formLogin().loginPage("/login").failureUrl("/loginfailed").and()
                .rememberMe().userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder());
    }

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

}

此外，我还拥有社交网络登录功能，因此我使用了自动连接的RequestCache。并且此bean不会出现在具有基于注释的配置的应用程序上下文中。我缺少什么？

Answer 1

RequestCache问题通过以下方式解决：

@Bean
public RequestCache requestCache() {
    return new HttpSessionRequestCache();
}

随着配置的变化：

    http
            .requestCache().requestCache(requestCache()).and()
            .authorizeRequests().antMatchers("/edit/**").hasRole("EDITOR").and()...

同样迁移到基于注释的配置许多默认值正在更改 - “j_username”到“username”，“j_password”到“password”，“j_spring_security_check”到“login”，“j_spring_security_logout”到“logout”和csrf隐藏令牌在形式上变得必要。

spring-security表单身份验证迁移到注释

1 个答案: