源代码解析
@Configuration(proxyBeanMethods = false)//不使用代理
@ConditionalOnClass(DefaultAuthenticationEventPublisher.class)//当引入了spring-security-core包时即自动启用该类
@EnableConfigurationProperties(SecurityProperties.class)
@Import({ SpringBootWebSecurityConfiguration.class, WebSecurityEnablerConfiguration.class,
SecurityDataConfiguration.class })//导入这几个类,import即加载实例化类到ioc容器
public class SecurityAutoConfiguration {
//实例化认证事件发布器
@Bean
@ConditionalOnMissingBean(AuthenticationEventPublisher.class)
public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher publisher) {
return new DefaultAuthenticationEventPublisher(publisher);
}
}
其中,@ConditionalOnMissingBean,它是修饰bean的一个注解,主要实现的是,当你的bean被注册之后,如果而注册相同类型的bean,就不会成功,它会保证你的bean只有一个,即你的实例只有一个,当你注册多个相同的bean时,会出现异常,以此来告诉开发人员。
接下来看import的三个类
SecurityDataConfiguration
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(SecurityEvaluationContextExtension.class)
public class SecurityDataConfiguration {
@Bean
@ConditionalOnMissingBean
public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
return new SecurityEvaluationContextExtension();
}
}
此类纯粹只是为了整合spring-data模块使用。待续。。。
SpringBootWebSecurityConfiguration
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass(WebSecurityConfigurerAdapter.class)//当类路径下有指定类的条件下
@ConditionalOnMissingBean(WebSecurityConfigurerAdapter.class)//当容器里没有指定Bean的情况下
@ConditionalOnWebApplication(type = Type.SERVLET)//当Spring为web服务时,才使注解的类生效;通常是配置类
public class SpringBootWebSecurityConfiguration {
配置一个空的 WebSecurityConfigurerAdapter 静态子类实际没做什么操作
@Configuration(proxyBeanMethods = false)
@Order(SecurityProperties.BASIC_AUTH_ORDER)
static class DefaultConfigurerAdapter extends WebSecurityConfigurerAdapter {
}
}
WebSecurityEnablerConfiguration
@Configuration(proxyBeanMethods = false)
@ConditionalOnBean(WebSecurityConfigurerAdapter.class)
@ConditionalOnMissingBean(name = BeanIds.SPRING_SECURITY_FILTER_CHAIN)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@EnableWebSecurity//这个注解最主要
public class WebSecurityEnablerConfiguration {
}
@EnableWebSecurity
@Retention(value = java.lang.annotation.RetentionPolicy.RUNTIME)
@Target(value = { java.lang.annotation.ElementType.TYPE })
@Documented
@Import({ WebSecurityConfiguration.class,
SpringWebMvcImportSelector.class,
OAuth2ImportSelector.class })
@EnableGlobalAuthentication//此处启用了这个配置实际导入了AuthenticationConfiguration此类
@Configuration
public @interface EnableWebSecurity {
/**
* Controls debugging support for Spring Security. Default is false.
* @return if true, enables debug support with Spring Security
*/
boolean debug() default false;
}
一共导入了四个雷类:
WebSecurityConfiguration
SpringWebMvcImportSelector
OAuth2ImportSelector
AuthenticationConfiguration
WebSecurityConfiguration
我的另一篇 https://editor.csdn.net/md/?articleId=118521336