gpt4 book ai didi

java Spring @EnableResourceServer 和 @EnableWebSecurity

转载 作者:塔克拉玛干 更新时间:2023-11-02 19:08:26 25 4
gpt4 key购买 nike

我有 RESTful spring 资源服务器,带有 @EnableResourceServer 并扩展了 ResourceServerConfigurerAdapter

documentations说:

...In order to use this filter you must @EnableWebSecurity somewhere in your application, either in the same place as you use this annotation, or somewhere else.

但是当我到达 public @interface EnableResourceServer 时,我看到 ResourceServerConfiguration extends WebSecurityConfigurerAdapter

问题:那么纯 RESTful API 需要什么?

  1. @EnableWebSecurity 在任何 @Config
  2. 扩展WebSecurityConfigurerAdapter
  3. 1 + 2
  4. 都没有

我的配置

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class HGResourceServerConfigurerAdapter extends ResourceServerConfigurerAdapter {

@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.cors().disable()
.csrf().disable()
.formLogin().disable()
.httpBasic().disable()
.jee().disable()
.logout().disable()
.rememberMe().disable()
.servletApi().disable()
.x509().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.and().authorizeRequests().antMatchers(Url.API_ERROR_LOGS_FRONTEND).permitAll()
.and().authorizeRequests().antMatchers(Url.API_REGISTER_PATH).permitAll()
.and().authorizeRequests().antMatchers(Url.API_VERIFY_EMAIL_PATH).permitAll()
.and().authorizeRequests().antMatchers(Url.API_RESET_PASSWORD_PATH).permitAll()
.and().authorizeRequests().antMatchers(Url.API_CONFIRM_RESET_PASSWORD_PATH).permitAll()
.and().authorizeRequests().anyRequest().authenticated();
}

@Primary
@Bean
public RemoteTokenServices tokenService() {
RemoteTokenServices tokenService = new RemoteTokenServices();
tokenService.setCheckTokenEndpointUrl("http://localhost:8081/oauth/check_token");
tokenService.setClientId("client");
tokenService.setClientSecret("secret");
return tokenService;
}


//disable default user creation
@Bean
public UserDetailsService userDetailsService() throws Exception {
return new InMemoryUserDetailsManager();
}

//password encoder
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}

最佳答案

不,启用 EnableWebSecurity 是隐式的。

我不推荐使用 WebSecurityConfigurerAdapter,你会遇到一些麻烦: Correctly configure spring security oauth2

关于java Spring @EnableResourceServer 和 @EnableWebSecurity,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50294313/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com