2014-01-07 141 views

我想在 Spring 4 中不使用 XML 來配置 Spring Security,並使用一個 custom authentication filter,它會:

  1. 捕獲加密的請求頭標記(token)
  2. 驗證之後,提取用戶的詳細信息,並以無狀態的方式將它們添加到當前請求的安全上下文中

我希望能夠透過 SecurityContextHolder 取得當前請求用戶的詳細信息,以便正確處理其請求。

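/**
 * Sample POST handler for {@code /simple} that reads the caller's principal from the
 * security context and returns a fixed response body.
 *
 * <p>Authorization here depends entirely on the method-security annotation below.
 * The XML shown on this page enables only {@code secured-annotations}; expression
 * annotations such as {@code @PreAuthorize} are enforced only when pre/post annotations
 * are enabled as well. Without that, the annotation is ignored and the handler runs
 * unguarded.
 *
 * @return the literal string {@code "Simple"}
 */
@RequestMapping(value = "/simple", method = RequestMethod.POST)
@ResponseBody
@Transactional
// The Spring Security annotation is spelled @PreAuthorize (capital A); "(...)" stands for
// the access expression that the page leaves out.
@PreAuthorize(...)
public String simple(){
    // getAuthentication() returns null when nothing has populated the security context
    // for this request, so this chain assumes the token filter and the method-security
    // check have already run. /simple is also outside the "/secure/**" URL rule shown in
    // the XML, so no URL-level rule on this page covers it.
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    // The principal is collected for the elided transaction logic and is not used here.
    return "Simple";
}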

我在XML做過像這樣:

<!--
  Spring Security 3.2 namespace configuration: method security, one HTTP filter chain with a
  custom token-processing filter, and the beans that chain refers to.
-->
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <!--
      Enables @Secured only. Expression annotations such as @PreAuthorize are switched on by
      the separate pre-post-annotations attribute; as written they would not be enforced.
    -->
    <security:global-method-security 
     secured-annotations="enabled" /> 

    <!--
      One filter chain for every URL.
      NOTE(review): auto-config="true" already registers the namespace's own form-login filter;
      placing a custom filter at position="FORM_LOGIN_FILTER" occupies the same slot, which the
      namespace rejects. Confirm whether "before"/"after" or dropping auto-config is intended.
      NOTE(review): only /authenticate and /secure/** carry access rules. A URL that matches no
      intercept-url gets no URL-level restriction, so everything else is reachable without
      authentication unless method security covers it.
      NOTE(review): no create-session attribute is set, so this chain is not stateless by
      configuration, and no entry-point-ref is set, so the CustomAuthenticationEntryPoint bean
      below is not wired into this chain from here.
    -->
    <security:http pattern="/**" 
     auto-config="true" disable-url-rewriting="true" use-expressions="true"> 
     <security:custom-filter ref="authenticationTokenProcessingFilter" 
      position="FORM_LOGIN_FILTER" /> 
     <security:intercept-url pattern="/authenticate" 
      access="permitAll" /> 
     <security:intercept-url pattern="/secure/**" 
      access="isAuthenticated()" /> 
    </security:http> 

    <!-- Declared here but not referenced by any element in this excerpt. -->
    <bean id="CustomAuthenticationEntryPoint" class="org.foo.CustomAuthenticationEntryPoint" /> 

    <!-- The custom token filter; its "authenticationManager" dependency is defined outside this excerpt. -->
    <bean class="org.foo.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter"> 
     <constructor-arg ref="authenticationManager" /> 
    </bean> 

</beans> 

不過,我想讓它在 Spring Boot 應用中以非 XML 的 WebSecurityConfigurerAdapter 方式運作,就像 Spring Boot 範例裡更新後的這個檔案:

/**
 * Exposes the nested {@code ApplicationSecurity} configuration as a bean so the
 * container applies its {@code configure(HttpSecurity)} rules.
 *
 * @return a new {@code ApplicationSecurity} instance
 */
@Bean
    public ApplicationSecurity applicationSecurity() {
        final ApplicationSecurity securityConfig = new ApplicationSecurity();
        return securityConfig;
    }

    /**
     * Web security taken from the Spring Boot sample: every request must be fully
     * authenticated, and a form login page at {@code /login} is open to everyone.
     * It shows a plain login page only; no custom token filter is registered here.
     */
    @Order(Ordered.LOWEST_PRECEDENCE - 8)
    protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {

        /**
         * Applies the authorization rule and the form-login settings to {@code http}.
         *
         * @param http the builder for this filter chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // fullyAuthenticated() excludes anonymous and remember-me sessions.
            http.authorizeRequests()
                .anyRequest().fullyAuthenticated();

            // The login page and its failure redirect stay reachable without authentication.
            http.formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .permitAll();
        }
    }

任何意見或類似的例子嗎?

回答


我現在正在做類似的事情。有人可能會發現這對未來有幫助。 做一個XML到Java配置翻譯會使它看起來像下面:

import javax.servlet.Filter; 

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.beans.factory.annotation.Qualifier; 
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.web.AuthenticationEntryPoint; 
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; 

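/**
 * Java-config counterpart of the XML {@code <security:http>} setup: method security, a custom
 * token-processing filter ahead of the form-login filter, and URL authorization rules.
 *
 * <p>Security notes for anyone adapting this class:
 * <ul>
 *   <li>Authorization rules are evaluated in declaration order, so specific matchers must come
 *       before {@code anyRequest()}. Declaring {@code anyRequest().authenticated()} first makes
 *       the later {@code /authenticate} {@code permitAll()} rule unreachable.</li>
 *   <li>{@code anyRequest().authenticated()} is stricter than the XML, which left URLs outside
 *       {@code /authenticate} and {@code /secure/**} without a URL-level rule.</li>
 *   <li>Java config enables CSRF protection by default, unlike the 3.2 XML namespace. A client
 *       that authenticates with a header token needs an explicit decision on CSRF handling.</li>
 *   <li>No session policy is set here, so the chain is not stateless by configuration.</li>
 *   <li>NOTE(review): under Spring Boot a {@code Filter} bean is presumably also registered
 *       with the servlet container, which would run the token filter twice. Confirm, and
 *       disable the container registration if so.</li>
 * </ul>
 */
// securedEnabled mirrors <security:global-method-security secured-annotations="enabled" />.
// prePostEnabled is added because @PreAuthorize is otherwise ignored, not enforced.
@EnableGlobalMethodSecurity(securedEnabled=true, prePostEnabled=true)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {

    /** The custom filter that validates the header token and populates the security context. */
    @Autowired
    @Qualifier("authenticationTokenProcessingFilter")
    private Filter authenticationTokenProcessingFilter;

    /** Entry point invoked when an unauthenticated request hits a protected resource. */
    @Autowired
    private AuthenticationEntryPoint entryPoint;

    /**
     * Builds the filter chain: entry point, ordered URL rules, the login mechanisms that
     * {@code auto-config="true"} supplied in XML, and the custom token filter.
     *
     * @param http the builder for this filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().authenticationEntryPoint(entryPoint);

        http
            .authorizeRequests() // use-expressions="true"
                // Most specific rules first; the first matching rule wins.
                .antMatchers("/authenticate").permitAll() // <security:intercept-url pattern="/authenticate" access="permitAll" />
                .antMatchers("/secure/**").authenticated() // <security:intercept-url pattern="/secure/**" access="isAuthenticated()" />
                // Catch-all last: anything not matched above still requires authentication.
                .anyRequest().authenticated()
                .and()
            // auto-config="true" in the XML registered form login and HTTP basic.
            .formLogin()
                .and()
            .httpBasic()
                .and()
            // The XML used position="FORM_LOGIN_FILTER"; here the token filter runs just before
            // the username/password filter rather than replacing it.
            .addFilterBefore(authenticationTokenProcessingFilter, UsernamePasswordAuthenticationFilter.class);
    }
}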