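Spring Security: configuring the authentication manager and global security with Java config, from XML config

Time: 2018-04-26 09:49:36

Tags: java spring spring-security

I am using Spring Security 4.2.5.RELEASE and Spring 4.3.16.RELEASE. My XML configuration works fine, as shown below: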

<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" access-decision-manager-ref="methodAccessDecisionManager">
    <security:expression-handler ref="methodExpressionHandler"/>
</security:global-method-security>
<security:authentication-manager>
    <security:authentication-provider user-service-ref="userDetailsService">
        <security:password-encoder ref="passwordEncoder">
            <security:salt-source user-property="saltSource"/>
        </security:password-encoder>
    </security:authentication-provider>

    <security:authentication-provider user-service-ref="userDetailsService">
        <security:password-encoder ref="bcryptPasswordEncoder"/>
    </security:authentication-provider>
</security:authentication-manager>

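I also have the HTTP security configuration. I need to do this configuration with Java config, but I cannot, because I have not found any solution for access-decision-manager-ref="methodAccessDecisionManager" and <security:expression-handler ref="methodExpressionHandler"/>.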

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter  {
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
        .csrf().disable()
        .addFilterAt(switchUserProcessingFilter(), SwitchUserFilter.class)
        .authorizeRequests()
        .accessDecisionManager(webAccessDecisionManager())
        .antMatchers("/pages/login.jsf").permitAll()
        .antMatchers("/pages/expired.jsf").permitAll()
        .antMatchers("/css/*").permitAll()
        .antMatchers("/images/*").permitAll()
        .antMatchers("/pages/testui/*").access("hasRole('PRIVILEGE_TESTER')")
        .antMatchers("/pages/client/*").access("hasAnyRole('PRIVILEGE_USE_TENDERING, PRIVILEGE_MANAGE_USERS')")
        .antMatchers("/pages/html5/**").access("hasAnyRole('PRIVILEGE_USE_TENDERING, PRIVILEGE_USE_SPOTREQUEST')")
        .antMatchers("/moker/*").access("isAuthenticated()")
        .antMatchers("/e/*").access("hasRole('PRIVILEGE_FILE')")
        .and()
        .formLogin()
        .loginPage("/pageogin.jsf")
        .usernameParameter("j_username")
        .passwordParameter("j_password")
        .loginProcessingUrl("/j_sy_check")
        .failureUrl("/pages/l_error=1")
        .successHandler(tenderEasyAuthSuccessHandler())
        .and()
        .exceptionHandling()
        .accessDeniedHandler(accessDeniedHandler())
        .and()
        .logout()
        .logoutUrl("/j_spring_security_logout")
        .logoutSuccessUrl("/pages/logout.jsf")
        .and();
    }

     @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
       auth
       .userDetailsService(userDetailsService())
       .passwordEncoder(passwordEncoder().isPasswordValid(encPass, rawPass, salt))

    }

}

But here I could not find anything for:

access-decision-manager-ref="methodAccessDecisionManager", <security:expression-handler ref="methodExpressionHandler"/>, <security:salt-source user-property="saltSource"/>

1 answer:

Answer 0 (score: 0)

To specify a method expression handler and access decision manager, use a configuration based on GlobalMethodSecurityConfiguration:

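import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MyGlobalMethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {

    // Existing bean referenced by <security:expression-handler ref="methodExpressionHandler"/>
    @Autowired
    private MethodSecurityExpressionHandler methodExpressionHandler;

    // Existing bean referenced by access-decision-manager-ref="methodAccessDecisionManager"
    @Autowired
    private AccessDecisionManager methodAccessDecisionManager;

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return methodExpressionHandler;
    }

    @Override
    protected AccessDecisionManager accessDecisionManager() {
        return methodAccessDecisionManager;
    }

}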

(Remove @EnableGlobalMethodSecurity from your SecurityConfig).

See also Spring Security Reference Docs.
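
The `<security:salt-source>` part of the question can be expressed in Java config by building the two `<security:authentication-provider>` elements by hand. This is an added example for Spring Security 4.2.x, not code from the question or the answer. It assumes the `userDetailsService`, `passwordEncoder` and `bcryptPasswordEncoder` beans from the XML stay defined and that `passwordEncoder` is a legacy `authentication.encoding.PasswordEncoder`; the `configure(HttpSecurity)` override from the question is omitted.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.dao.ReflectionSaltSource;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    // Assumed: the salted encoder implements the legacy (deprecated) interface.
    @Autowired
    @Qualifier("passwordEncoder")
    private PasswordEncoder passwordEncoder;

    @Autowired
    @Qualifier("bcryptPasswordEncoder")
    private BCryptPasswordEncoder bcryptPasswordEncoder;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Equivalent of <security:salt-source user-property="saltSource"/>:
        // the salt is read from the "saltSource" property of the UserDetails object.
        ReflectionSaltSource saltSource = new ReflectionSaltSource();
        saltSource.setUserPropertyToUse("saltSource");

        DaoAuthenticationProvider legacy = new DaoAuthenticationProvider();
        legacy.setUserDetailsService(userDetailsService);
        legacy.setPasswordEncoder(passwordEncoder);
        legacy.setSaltSource(saltSource);

        DaoAuthenticationProvider bcrypt = new DaoAuthenticationProvider();
        bcrypt.setUserDetailsService(userDetailsService);
        bcrypt.setPasswordEncoder(bcryptPasswordEncoder);

        // Same order as the XML: a BadCredentialsException from the first
        // provider lets the ProviderManager fall through to the second.
        auth.authenticationProvider(legacy).authenticationProvider(bcrypt);
    }
}
```

`SaltSource` and the legacy `PasswordEncoder` interface are deprecated in 4.x and removed in Spring Security 5, so the salted provider is worth keeping only until stored hashes have been re-encoded with bcrypt.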