Overriding Spring Security configure(HttpSecurity) when it is overridden in a Maven dependency

Time: 2019-06-29 00:27:13

Tags: java spring spring-boot spring-security

I have a Maven Spring Boot 2 project with Spring Security. One of the Maven dependencies extends WebSecurityConfigurerAdapter. For example,

public class MyConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
                .and()
                .csrf()
                .and()
                .formLogin()
                .permitAll()
                .successHandler(myLoginHandler)
                .failureHandler(formAuthFailureHandler)
                .and()
                .logout()
                .permitAll()
                .logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl()))
                .logoutSuccessUrl(logoutSuccessUrl())
                .and()
                .authorizeRequests()
                .antMatchers(publicRoutes())
                .permitAll()
                .antMatchers(HttpMethod.POST).authenticated()
                .antMatchers(HttpMethod.PUT).authenticated()
                .antMatchers(HttpMethod.PATCH).authenticated()
                .antMatchers(HttpMethod.DELETE).denyAll()
                .anyRequest()
                .authenticated();
    }
}

The problem is that in this application I need to override successHandler() and add a logout handler, like logout().addLogoutHandler(myLogoutHandler).

Is it possible to update only these bits, or do I need to define the whole chain again? Maybe something like this,

public class AnotherConfig extends MyConfig {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
                .and()
                .csrf()
                .and()
                .formLogin()
                .permitAll()
                .successHandler(myLoginHandler)
                .failureHandler(formAuthFailureHandler)
                .and()
                .logout()
                .addLogoutHandler(myLogoutHandler)
                .permitAll()
                .logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl()))
                .logoutSuccessUrl(logoutSuccessUrl())
                .and()
                .authorizeRequests()
                .antMatchers(publicRoutes())
                .permitAll()
                .antMatchers(HttpMethod.POST).authenticated()
                .antMatchers(HttpMethod.PUT).authenticated()
                .antMatchers(HttpMethod.PATCH).authenticated()
                .antMatchers(HttpMethod.DELETE).denyAll()
                .anyRequest()
                .authenticated();
    }
}

I was hoping there might be a setter somewhere for these two values.

Thanks

1 answer:

Answer 0: (score: 0)

You need to set the order of the overriding one higher than the order of the overridden one.

@Order(Ordered.LOWEST_PRECEDENCE - 1)
public class AnotherConfig extends MyConfig {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling()
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
                .and()
                .csrf()
                .and()
                .formLogin()
                .permitAll()
                .successHandler(myLoginHandler)
                .failureHandler(formAuthFailureHandler)
                .and()
                .logout()
                .addLogoutHandler(myLogoutHandler)
                .permitAll()
                .logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl()))
                .logoutSuccessUrl(logoutSuccessUrl())
                .and()
                .authorizeRequests()
                .antMatchers(publicRoutes())
                .permitAll()
                .antMatchers(HttpMethod.POST).authenticated()
                .antMatchers(HttpMethod.PUT).authenticated()
                .antMatchers(HttpMethod.PATCH).authenticated()
                .antMatchers(HttpMethod.DELETE).denyAll()
                .anyRequest()
                .authenticated();
    }
}

Why Ordered.LOWEST_PRECEDENCE - 1?
Because the default order is Ordered.LOWEST_PRECEDENCE, which is what is set for the overridden class.

Or you can set a specific number for the overridden one.
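
One way to change only the two settings from the question without copying the chain, as an added example that is not part of the original question or answer. It assumes Spring Security 5.x (where WebSecurityConfigurerAdapter exists), that MyConfig has an accessible no-argument constructor, and that appLoginHandler and appLogoutHandler are hypothetical beans of this application.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;

// Added example. MyConfig is the dependency's adapter shown in the question.
// Assumption: only this subclass is registered as a configuration bean.
@Configuration
public class AnotherConfig extends MyConfig {

    // Hypothetical handlers supplied by this application; assumed to be
    // resolvable beans (add @Qualifier if several beans share a type).
    private final AuthenticationSuccessHandler appLoginHandler;
    private final LogoutHandler appLogoutHandler;

    public AnotherConfig(AuthenticationSuccessHandler appLoginHandler,
                         LogoutHandler appLogoutHandler) {
        this.appLoginHandler = appLoginHandler;
        this.appLogoutHandler = appLogoutHandler;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Build the dependency's chain first, so its authorization rules
        // (public routes, DELETE denied, everything else authenticated)
        // are defined in one place and cannot drift from a copied version.
        super.configure(http);

        // formLogin() and logout() return the configurers that
        // super.configure() already registered on this HttpSecurity, so
        // these calls touch only the two settings that need to change.
        http.formLogin().successHandler(appLoginHandler); // replaces myLoginHandler
        http.logout().addLogoutHandler(appLogoutHandler); // added to the logout handlers
    }
}
```

If MyConfig is itself also registered as a configuration bean, both adapters build a filter chain and must carry distinct @Order values; the chain with the lower order value is matched first.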