@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
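/*
 * When Spring MVC's CORS support is used, the CorsConfigurationSource can be omitted and
 * Spring Security will reuse the CORS configuration provided to Spring MVC.
 * If a request carries no cookies and Spring Security runs first, the request is treated as
 * unauthenticated, which is why CORS has to be processed before Spring Security.
 * .antMatchers("/admin").hasRole("ADMIN")
 * .anyRequest().authenticated() // every request requires the user to be authenticated
 */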
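/**
 * Configures the HTTP security rules for this application.
 *
 * <p>CORS is enabled with defaults, {@code /admin/**} is restricted to the ADMIN role, and
 * {@code /resources/**}, {@code /signup} and {@code /about} are public. Every other request
 * must be authenticated. Form login uses the custom {@code /login} page, HTTP Basic is also
 * enabled, and logout is served at {@code /logout} with a redirect to {@code /index}.
 *
 * @param http the builder the rules are applied to
 * @throws Exception if the underlying configurers fail
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .cors(withDefaults())
        .authorizeRequests(
            authorizeRequests -> authorizeRequests
                .mvcMatchers("/admin/**").hasRole("ADMIN")
                .mvcMatchers("/resources/**", "/signup", "/about").permitAll()
                // Default-deny catch-all: authorizeRequests() leaves any URL that matches no
                // rule unrestricted, so without this line every path other than /admin/**
                // would be reachable anonymously. Must stay the last matcher.
                // NOTE(review): /index (the logout target below) is not in the permitAll list,
                // so it now requires authentication; add it there if it is a public page.
                .anyRequest().authenticated()
        )
        .formLogin().loginPage("/login").permitAll()
        .and()
        .httpBasic()
        .and()
        .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/index");
    // Further logout options the author left disabled:
    // .logoutSuccessHandler(logoutSuccessHandler)
    // .invalidateHttpSession(true)
    // .addLogoutHandler(logoutHandler)
    // .deleteCookies(cookieNamesToClear)
}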
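// The servlet filter (interceptor) is responsible for all security within the application
// (protecting application URLs, validating the submitted username and password,
// redirecting to the login form, and so on).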
/**
 * Exposes an in-memory user store holding a single {@code admin} account with the USER and
 * ADMIN roles.
 *
 * <p>NOTE(review): the username and password are literals in source, and no
 * {@code passwordEncoder(...)} is applied on the builder, so the string {@code "password"} is
 * what gets stored. Suitable for a demo only; real deployments should load credentials from
 * external configuration and store an encoded password. How the application's PasswordEncoder
 * treats this un-prefixed value cannot be told from this method; verify against the rest of
 * the configuration.
 *
 * @return the in-memory manager containing the admin user
 */
@Bean
public UserDetailsService userDetailsService() {
    InMemoryUserDetailsManager users = new InMemoryUserDetailsManager();
    // One builder carries the account definition; build() is called once per manager call.
    User.UserBuilder adminAccount = User.builder()
        .username("admin")
        .password("password")
        .roles("USER", "ADMIN");
    users.createUser(adminAccount.build());
    // Re-applies the same definition to the user that was just created.
    users.updateUser(adminAccount.build());
    return users;
}
相关源码
/**
 * Registers this adapter's {@link HttpSecurity} with the given {@link WebSecurity}.
 *
 * <p>The HttpSecurity obtained from {@code getHttp()} is added as a security filter chain
 * builder. A post-build action then hands the {@code FilterSecurityInterceptor} shared object
 * to {@code web.securityInterceptor(...)}.
 *
 * @param web the WebSecurity being initialised
 * @throws Exception if {@code getHttp()} fails
 */
public void init(WebSecurity web) throws Exception {
    final HttpSecurity httpSecurity = this.getHttp();
    web.addSecurityFilterChainBuilder(httpSecurity).postBuildAction(
        // Runs after the build, when the interceptor is read from the shared objects.
        () -> web.securityInterceptor(httpSecurity.getSharedObject(FilterSecurityInterceptor.class)));
}
/**
 * Hook for customising {@link WebSecurity}; the default implementation does nothing.
 *
 * @param web the WebSecurity to customise
 * @throws Exception declared so that overriding implementations may throw
 */
public void configure(WebSecurity web) throws Exception {
    // Intentionally empty.
}
/**
 * Default HTTP security configuration.
 *
 * <p>Logs a debug message, then requires authentication for any request and enables form
 * login and HTTP Basic.
 *
 * @param http the builder to configure
 * @throws Exception if the underlying configurers fail
 */
protected void configure(HttpSecurity http) throws Exception {
    this.logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
    // Same chain as the cast-heavy one-liner, written one configurer per step.
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .and()
        .httpBasic();
}
/**
 * Returns a {@link UserDetailsService} that defers to the configured authentication builders.
 *
 * <p>The local builder is listed before the global one fetched from the application context,
 * so it is consulted first by the delegator.
 *
 * @return a delegator over the local and global {@code AuthenticationManagerBuilder}s
 */
protected UserDetailsService userDetailsService() {
    AuthenticationManagerBuilder globalBuilder = this.context.getBean(AuthenticationManagerBuilder.class);
    List<AuthenticationManagerBuilder> candidates =
        Arrays.asList(this.localConfigureAuthenticationBldr, globalBuilder);
    return new WebSecurityConfigurerAdapter.UserDetailsServiceDelegator(candidates);
}
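/**
 * {@link UserDetailsService} that resolves its real delegate lazily, on the first lookup.
 *
 * <p>The delegate is the first non-null {@code getDefaultUserDetailsService()} result among the
 * supplied builders, taken in list order. Once found it is cached and the builder list is
 * released.
 */
static final class UserDetailsServiceDelegator implements UserDetailsService {
    // Candidate builders; only touched while holding delegateMonitor, nulled after resolution.
    private List<AuthenticationManagerBuilder> delegateBuilders;
    // volatile because the fast path reads this field without holding delegateMonitor; without
    // it the unsynchronised read has no happens-before edge to the write made under the lock.
    private volatile UserDetailsService delegate;
    private final Object delegateMonitor = new Object();

    /**
     * @param delegateBuilders builders to consult, in priority order
     * @throws IllegalArgumentException if the list contains a null element
     */
    UserDetailsServiceDelegator(List<AuthenticationManagerBuilder> delegateBuilders) {
        if (delegateBuilders.contains(null)) {
            throw new IllegalArgumentException("delegateBuilders cannot contain null values. Got " + delegateBuilders);
        }
        this.delegateBuilders = delegateBuilders;
    }

    /**
     * Loads the user through the resolved delegate, resolving it first if necessary.
     *
     * @param username the name to look up
     * @return the user details returned by the delegate
     * @throws UsernameNotFoundException if the delegate does not know the user
     * @throws IllegalStateException if no builder provides a UserDetailsService
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Single volatile read for the common, already-resolved case.
        UserDetailsService resolved = this.delegate;
        if (resolved == null) {
            synchronized (this.delegateMonitor) {
                // Re-check under the lock: another thread may have resolved it meanwhile.
                resolved = this.delegate;
                if (resolved == null) {
                    for (AuthenticationManagerBuilder delegateBuilder : this.delegateBuilders) {
                        resolved = delegateBuilder.getDefaultUserDetailsService();
                        if (resolved != null) {
                            break;
                        }
                    }
                    if (resolved == null) {
                        // Nothing is cached, so a later call retries the builders.
                        throw new IllegalStateException("UserDetailsService is required.");
                    }
                    // Publish only the final, non-null delegate.
                    this.delegate = resolved;
                    this.delegateBuilders = null;
                }
            }
        }
        return resolved.loadUserByUsername(username);
    }
}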