彈簧安全形式的身份驗證遷移註釋

Question

我有以下彈簧安全配置：

<?xml version="1.0" encoding="UTF-8"?> 
<b:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> 

<http use-expressions="true"> 
    <intercept-url pattern="/edit/**" access="hasRole('EDITOR')" /> 
    <form-login login-page="/login" authentication-failure-url="/loginfailed" /> 
    <logout logout-success-url="/" delete-cookies="JSESSIONID" /> 
    <remember-me user-service-ref="userDetailsService"/> 
</http> 

<b:bean id="encoder" 
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" /> 

<authentication-manager> 
    <authentication-provider user-service-ref="userDetailsService"> 
     <password-encoder ref="encoder" /> 
    </authentication-provider> 
</authentication-manager> 
</b:beans> 

而且我試圖將其遷移到基於註解的配置：

import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.context.annotation.Bean; 
import org.springframework.context.annotation.Configuration; 
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; 
import org.springframework.security.config.annotation.web.builders.HttpSecurity; 
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 
import org.springframework.security.crypto.password.PasswordEncoder; 

@Configuration 
@EnableWebSecurity 
public class SecurityConfiguration extends WebSecurityConfigurerAdapter { 

    @Autowired 
    private UserDetailsService userDetailsService; 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
       .authorizeRequests().antMatchers("/edit/**").hasRole("EDITOR").and() 
       .logout().logoutSuccessUrl("/").deleteCookies("JSESSIONID").and() 
       .formLogin().loginPage("/login").failureUrl("/loginfailed").and() 
       .rememberMe().userDetailsService(userDetailsService); 
    } 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(userDetailsService).passwordEncoder(encoder()); 
    } 

    @Bean 
    public PasswordEncoder encoder() { 
     return new BCryptPasswordEncoder(); 
    } 

} 

而且我有社交網絡登錄功能，爲此我使用了自動裝配的RequestCache。而且這個bean不會出現在基於註解的配置的應用上下文中。我錯過了什麼？

Answer 1

RequestCache問題解決方式如下：

@Bean 
public RequestCache requestCache() { 
    return new HttpSessionRequestCache(); 
} 

並與變化中的配置：

http 
      .requestCache().requestCache(requestCache()).and() 
      .authorizeRequests().antMatchers("/edit/**").hasRole("EDITOR").and()... 

也遷移到基於註解的配置許多默認設置被改變 - 「爲j_username」到「用戶名」變成需要「j_password」〜「password」，「j_spring_security_check」〜「登錄」，「j_spring_security_logout」〜「登出」，csrf隱藏標記。