我的应用程序同时具有GlobalMethodSecurityConfiguration和WebSecurityConfigurerAdapter配置类。我的实现如下:
我的 GlobalMethodSecurityConfiguration实施:
/**
 * Method-level security configuration.
 *
 * <p>Enables the pre/post annotations ({@code prePostEnabled = true}) and installs an
 * expression handler whose permission evaluator is the application's own
 * {@code ApplicationPermissionEvaluator}.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {

    /**
     * Supplies the {@link AuthenticationManager} used by method security.
     *
     * <p>NOTE(review): this {@code ProviderManager} is created with no
     * {@code AuthenticationProvider} and no parent, so it has nothing to delegate to. It is also
     * a different object from the manager that {@code SecurityConfiguration} builds from
     * {@code MemberUserDetailsService} and BCrypt. Any authentication attempted through it
     * should be expected to fail; prefer exposing one manager backed by the real user store
     * and sharing it between web and method security.
     *
     * @return a provider-less {@code ProviderManager}
     */
    @Override
    protected AuthenticationManager authenticationManager() {
        return new ProviderManager();
    }

    /**
     * Builds the expression handler behind {@code hasPermission(...)} checks in security
     * annotations.
     *
     * @return the default handler, with the application permission evaluator installed
     */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(permissionEvaluator());
        return handler;
    }

    /**
     * Permission evaluator backed by the name-to-permission table from {@link #permissionMap()}.
     *
     * @return the application permission evaluator bean
     */
    @Bean
    public ApplicationPermissionEvaluator permissionEvaluator() {
        return new ApplicationPermissionEvaluator(permissionMap());
    }

    /**
     * Maps permission names to the objects that decide them.
     *
     * <p>NOTE(review): how {@code ApplicationPermissionEvaluator} treats a name that is missing
     * from this map is not visible here; confirm that an unknown name is denied rather than
     * granted.
     *
     * @return a new mutable map with the two curriculum permissions
     */
    private Map<String, Permission> permissionMap() {
        Map<String, Permission> permissions = new HashMap<>();
        permissions.put("CurriculumService:findCurriculumIsAllowed", curriculumByIdOwnerPermission());
        permissions.put("CurriculumService:updateCurriculumIsAllowed", curriculumOwnerPermission());
        return permissions;
    }

    /** Ownership check registered for the "find curriculum" permission; dependencies are autowired by name. */
    @Bean(autowire=Autowire.BY_NAME)
    public CurriculumByIdOwnerPermission curriculumByIdOwnerPermission() {
        return new CurriculumByIdOwnerPermission();
    }

    /** Ownership check registered for the "update curriculum" permission; dependencies are autowired by name. */
    @Bean(autowire=Autowire.BY_NAME)
    public CurriculumOwnerPermission curriculumOwnerPermission() {
        return new CurriculumOwnerPermission();
    }
}
和我的 WebSecurityConfigurerAdapter实现:
/**
 * Web-layer security configuration: form login, logout, URL authorization rules, the role
 * hierarchy and the entry points used when an unauthenticated request needs to log in.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Configures the HTTP security filter chain.
     *
     * <p>URL rules are evaluated in declaration order and the first matching pattern decides,
     * so the order of the {@code antMatchers} calls below is part of the policy.
     *
     * @param http the builder for the filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // CSRF protection is not disabled: the only csrf().disable() call in this chain was
        // commented out, so the framework default applies.
        //@formatter:off
        http.exceptionHandling()
            .authenticationEntryPoint(delegatingAuthenticationEntryPoint());

        http.formLogin()
            .loginProcessingUrl("/signin")
            .loginPage("/signin")
            .failureUrl("/signin?login_error=t")
            .defaultSuccessUrl("/dashboard", true);

        http.logout()
            .logoutUrl("/resources/j_spring_security_logout")
            .logoutSuccessUrl("/signin");

        http.authorizeRequests()
            .accessDecisionManager(accessDecisionManager())
            // NOTE(review): these password-reset and activation endpoints are reachable without
            // a session; they have to validate their own tokens, which is not visible here.
            .antMatchers("/preference/sendPasswordReset/**", "/preference/passwordReset/**", "/preference/activateEmail/**", "/preference/resendActivationEmail/**").permitAll()
            .antMatchers("/preference/**").access("hasAnyRole('ROLE_BASIC_CHILDMINDER', 'ROLE_BASIC_FAMILY')")
            .antMatchers("/dashboard").access("hasAnyRole('ROLE_BASIC_CHILDMINDER', 'ROLE_BASIC_FAMILY')")
            .antMatchers("/curriculum/**").access("hasRole('ROLE_BASIC_CHILDMINDER')")
            // NOTE(review): this pattern is checked before the two role rules below, so any
            // /advertisement/family/** or /advertisement/childminder/** path that contains a
            // /view/ segment is public. Confirm that only read-only views live under it.
            .antMatchers("/advertisement/**/view/**").permitAll()
            .antMatchers("/advertisement/family/**").access("hasRole('ROLE_BASIC_FAMILY')")
            .antMatchers("/advertisement/childminder/**").access("hasRole('ROLE_BASIC_CHILDMINDER')")
            // NOTE(review): the "/**" catch-all makes every URL not listed above public
            // (default-allow). A new controller is exposed until someone adds a rule for it;
            // a default-deny tail such as anyRequest().authenticated() plus explicit permitAll()
            // entries for the public pages fails safer.
            .antMatchers("/resources/**", "/**").permitAll();
        //@formatter:on

        // NOTE(review): the inherited configure(HttpSecurity) layers the framework defaults on
        // top of the rules above (as far as I recall, an anyRequest().authenticated() rule,
        // form login and HTTP Basic). Confirm that this is wanted; otherwise drop the call.
        super.configure(http);
    }

    /**
     * Registers the user store and the password encoder with this adapter's authentication
     * builder.
     *
     * @param auth the authentication manager builder of this adapter
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService())
            .passwordEncoder(passwordEncoder());
    }

    /** Application user store used to look up members at login. */
    @Bean
    public MemberUserDetailsService userDetailsService() {
        return new MemberUserDetailsService();
    }

    /** BCrypt encoder with its default settings; stored passwords are compared as BCrypt hashes. */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Session registry bean.
     *
     * <p>NOTE(review): nothing in {@code configure(HttpSecurity)} references this registry;
     * if concurrent-session control is intended, confirm where it is wired in.
     */
    @Bean
    public SessionRegistryImpl sessionRegistry() {
        return new SessionRegistryImpl();
    }

    /** Decision manager for URL rules: access is granted when any one voter grants it. */
    @Bean
    public AffirmativeBased accessDecisionManager() {
        return new AffirmativeBased(accessDecisionVoters());
    }

    /**
     * Voters consulted by {@link #accessDecisionManager()}, in order: the role-hierarchy voter,
     * then the web-expression voter.
     *
     * @return a new mutable list holding both voters
     */
    public List<AccessDecisionVoter> accessDecisionVoters() {
        List<AccessDecisionVoter> voters = new ArrayList<>();
        voters.add(roleHierarchyVoter());
        voters.add(webExpressionVoter());
        return voters;
    }

    /** Voter that evaluates the {@code access("...")} expressions, using the hierarchy-aware handler. */
    @Bean
    public WebExpressionVoter webExpressionVoter() {
        WebExpressionVoter voter = new WebExpressionVoter();
        voter.setExpressionHandler(defaultWebSecurityExpressionHandler());
        return voter;
    }

    /** Expression handler that resolves {@code hasRole}/{@code hasAnyRole} through the role hierarchy. */
    @Bean
    public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler() {
        DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
        handler.setRoleHierarchy(roleHierarchy());
        return handler;
    }

    /** Role voter that also honours roles implied by {@link #roleHierarchy()}. */
    @Bean
    public RoleHierarchyVoter roleHierarchyVoter() {
        return new RoleHierarchyVoter(roleHierarchy());
    }

    /**
     * Declares which roles include which others ({@code A > B} means A implies B).
     *
     * <p>Administrator implies moderator, moderator implies both subscribed roles, and each
     * subscribed role implies its basic counterpart. A moderator or administrator therefore
     * passes every {@code ROLE_BASIC_*} check in the URL rules.
     *
     * @return the configured hierarchy
     */
    @Bean
    public RoleHierarchyImpl roleHierarchy() {
        RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
        //@formatter:off
        hierarchy.setHierarchy(
            "ROLE_ADMINISTRATOR > ROLE_MODERATOR\n" +
            "ROLE_MODERATOR > ROLE_SUBSCRIBED_FAMILY\n" +
            "ROLE_MODERATOR > ROLE_SUBSCRIBED_CHILDMINDER\n" +
            "ROLE_SUBSCRIBED_FAMILY > ROLE_BASIC_FAMILY\n" +
            "ROLE_SUBSCRIBED_CHILDMINDER > ROLE_BASIC_CHILDMINDER");
        //@formatter:on
        return hierarchy;
    }

    /**
     * Entry point that picks a strategy per request: the matcher table from {@link #map()} is
     * tried first, and the login-page redirect is the fallback.
     */
    @Bean
    public DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint() {
        DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(map());
        entryPoint.setDefaultEntryPoint(loginUrlAuthenticationEntryPoint());
        return entryPoint;
    }

    /**
     * Matcher-to-entry-point table for the delegating entry point; insertion order is kept.
     *
     * @return a new map with the single AJAX entry
     */
    public LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> map() {
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
        entryPoints.put(ajaxRequestMatcher(), ajaxAuthenticationEntryPoint());
        return entryPoints;
    }

    /** Fallback entry point: sends the browser to the {@code /signin} page. */
    @Bean
    public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/signin");
    }

    /** Application entry point used for requests that {@link #ajaxRequestMatcher()} matches. */
    @Bean
    public AjaxAuthenticationEntryPoint ajaxAuthenticationEntryPoint() {
        return new AjaxAuthenticationEntryPoint();
    }

    /** Application matcher; presumably recognises AJAX requests (its criteria are not shown here). */
    @Bean
    public AjaxRequestMatcher ajaxRequestMatcher() {
        return new AjaxRequestMatcher();
    }

    /** Processor that lets Spring MVC form tags carry the CSRF token as a hidden field. */
    @Bean
    public RequestDataValueProcessor requestDataValueProcessor() {
        return new CsrfRequestDataValueProcessor();
    }
}
我不确定如何配置身份验证管理器。以下是正确的处理方式吗?
/**
 * Supplies the AuthenticationManager used by method security.
 *
 * NOTE(review): a ProviderManager built this way has no AuthenticationProvider and no
 * parent, so it cannot authenticate anyone, and it is not the manager that the
 * WebSecurityConfigurerAdapter builds from the UserDetailsService and password encoder.
 */
@Override
protected AuthenticationManager authenticationManager() {
    return new ProviderManager();
}
欢迎任何意见......
答案 0 :(得分:3)
我一直在寻找一种方法来做到这一点。以下对我有用:
/**
 * Skeleton that keeps method security and web security in one configuration class, so that
 * both are set up next to the same authentication configuration.
 *
 * NOTE(review): no @EnableWebSecurity is visible in this snippet; confirm that it is declared
 * somewhere, otherwise the nested adapter presumably has no effect.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends GlobalMethodSecurityConfiguration {

    /**
     * Receives the injected AuthenticationManagerBuilder. Register the UserDetailsService,
     * password encoder or AuthenticationProvider here instead of hand-building a
     * ProviderManager; presumably this is the builder shared by method and web security.
     */
    @Autowired
    protected void configureGlobal (AuthenticationManagerBuilder auth) {
        // Configure auth mgr
    }

    /**
     * Placeholder for the method-security expression handler; a real implementation has to
     * return the configured handler.
     */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        // Configure expression handler
    }

    /** Nested web-security configuration, registered as its own static configuration class. */
    @Configuration
    public static class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        /** Placeholder for the URL rules, login and logout settings of the filter chain. */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Configure HTTP security
        }
    }
}
答案 1 :(得分:0)
您可以覆盖WebSecurityConfigurerAdapter中的configure(AuthenticationManagerBuilder auth)方法。如果您的要求只是使用您自己的UserDetailsService,您可以执行以下操作:
/**
 * Registers the injected UserDetailsService together with the password encoder, so that
 * logins are checked against the application's user store with encoded passwords.
 *
 * @param auth the authentication manager builder of this adapter
 * @throws Exception if the builder rejects the configuration
 */
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .userDetailsService(this.userDetailsService)
        .passwordEncoder(passwordEncoder());
}
从您的代码中,您可以使用以下方法。
authenticationManagerBuilder.authenticationProvider(AuthenticationProvider authenticationProvider)
如果您有更复杂的要求,可以参考spring security API。 http://docs.spring.io/spring-security/site/docs/3.2.0.RC2/apidocs/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.html