我创建了支持基本授权的Rest Api。 WebSecurityConfigurerAdapter看起来像这样:
@Configuration
@EnableWebSecurity
public class BasicSecurityConfig extends WebSecurityConfigurerAdapter {
private static String DEFAULT_ROLE = "USER";
private final AuthenticationEntryPoint authEntryPoint;
private final DataSource dataSource;
private final PasswordEncoder userPasswordEncoder;
@Autowired
public BasicSecurityConfig(AuthenticationEntryPoint authEntryPoint, DataSource dataSource, PasswordEncoder userPasswordEncoder) {
this.authEntryPoint = authEntryPoint;
this.dataSource = dataSource;
this.userPasswordEncoder = userPasswordEncoder;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// https://docs.spring.io/spring-security/site/docs/current/reference/html/jc.html
http.csrf().disable().authorizeRequests()
.antMatchers("/api/registration/**").permitAll()
.antMatchers("/api/dictionary/**").permitAll()
.antMatchers("/api/common/**").permitAll()
.anyRequest().hasRole(DEFAULT_ROLE)
.and().httpBasic()
.authenticationEntryPoint(authEntryPoint);
}
@Autowired
public void authentication(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication().dataSource(dataSource)
.usersByUsernameQuery("select login, password_hash, enabled from security.users where login = ?")
.authoritiesByUsernameQuery("select u.login, r.code from security.users u, security.user_roles ur, security.roles r where u.id = ur.user_id and ur.role_id = r.id and u.login = ?")
.passwordEncoder(userPasswordEncoder);
}
}
是否可以通过使用OAuth2授权的外部服务(Facebook等)添加授权? 你能给我指出一些例子吗?