Spring安全配置到java配置

时间:2014-07-11 13:31:01

标签: java spring spring-security

我正在努力将此配置转换为java配置 我已准备好所有课程,但我可以搞清楚 请帮忙

<bean id="passwordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
    <constructor-arg value="ThisIsASecretSoChangeMe" />
</bean>

<security:authentication-manager id="authenticationManager">
    <security:authentication-provider user-service-ref="userDao">
        <security:password-encoder ref="passwordEncoder"></security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>

<security:http
        realm="Protected API"
        use-expressions="true"
        auto-config="false"
        create-session="stateless"
        entry-point-ref="unauthorizedEntryPoint"
        authentication-manager-ref="authenticationManager">
    <security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
    <security:intercept-url pattern="/rest/user/authenticate" access="permitAll" />
    <security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')" />
    <security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')" />
    <security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')" />
</security:http>

<bean id="unauthorizedEntryPoint" class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.UnauthorizedEntryPoint" />

<bean class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter">
    <constructor-arg ref="userDao" />
</bean>

1 个答案:

答案 0 :(得分:0)

这篇文章似乎已经解决了这个问题 Spring: Annotation equivalent of security:authentication-manager and security:global-method-security

我暂时以xml格式离开了我。我从rest-services-config.xml中删除了除安全配置之外的所有内容,然后将其导入到我的新configWebXml类中,如下所示:

@Configuration
@ComponentScan
@EnableAutoConfiguration
@ImportResource("classpath:rest-services-config.xml")
public class ConfigWebXml extends SpringBootServletInitializer {
   @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

在我这样做之前,安全上下文不会被清除。成功登录后,它将永远不会返回并验证令牌。这允许我转换为基于完整注释的springboot应用程序,但弹簧安全性除外。

希望这有帮助。

相关问题
最新问题