SpringSecurity在SpringBoot中应用:
如何添加一个新链
继承WebSecurityConfigurerAdapter
@Configuration
//顺序很重要,必须定义顺序,具体添加在那个位置根据业务情况。
@Order(SecurityProperties.BASIC_AUTH_ORDER - 10)
public class ApplicationConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/foo/**")
...;
}}
如何覆盖默认配置
@Configuration
//顺序很重要,必须定义顺序,具体添加在那个位置根据业务情况。
@Order(SecurityProperties.BASIC_AUTH_ORDER - 10)
@EnableWebSecurity
MySecurityChainConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/foo/**")
.authorizeRequests()
.antMatchers("/foo/bar").hasRole("BAR")//这里细化了对具体路径的处理
.antMatchers("/foo/spam").hasRole("SPAM")
.anyRequest().isAuthenticated();
}
}
配置全局共享对象
@Configuration
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
... // web stuff here
@Autowired
public void initialize(AuthenticationManagerBuilder builder, DataSource dataSource) {
builder.jdbcAuthentication().dataSource(dataSource).withUser("dave")
.password("secret").roles("USER");
}
}