gpt4 book ai didi

java - Spring 安全 : Authentication manager and global security config with Java config from xml config

转载 作者:行者123 更新时间:2023-11-30 10:16:30 31 4
gpt4 key购买 nike

我正在使用 spring security 4.2.5.RELEASE 和 spring 4.3.16.RELEASE我的 XML 配置工作正常,如下所示

<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" access-decision-manager-ref="methodAccessDecisionManager">
<security:expression-handler ref="methodExpressionHandler"/>
</security:global-method-security>
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder">
<security:salt-source user-property="saltSource" />
</security:password-encoder>
</security:authentication-provider>

<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="bcryptPasswordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>

我还有 http 安全配置。需要此配置与 java 配置。但不能这样做,因为我没有找到任何解决方案<强> access-decision-manager-ref="methodAccessDecisionManager" <security:expression-handler ref="methodExpressionHandler"/>

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {

http
.csrf().disable()
.addFilterAt(switchUserProcessingFilter(), SwitchUserFilter.class)
.authorizeRequests()
.accessDecisionManager(webAccessDecisionManager())
.antMatchers("/pages/login.jsf").permitAll()
.antMatchers("/pages/expired.jsf").permitAll()
.antMatchers("/css/*").permitAll()
.antMatchers("/images/*").permitAll()
.antMatchers("/pages/testui/*").access("hasRole('PRIVILEGE_TESTER')")
.antMatchers("/pages/client/*").access("hasAnyRole('PRIVILEGE_USE_TENDERING, PRIVILEGE_MANAGE_USERS')")
.antMatchers("/pages/html5/**").access("hasAnyRole('PRIVILEGE_USE_TENDERING, PRIVILEGE_USE_SPOTREQUEST')")
.antMatchers("/moker/*").access("isAuthenticated()")
.antMatchers("/e/*").access("hasRole('PRIVILEGE_FILE')")
.and()
.formLogin()
.loginPage("/pageogin.jsf")
.usernameParameter("j_username")
.passwordParameter("j_password")
.loginProcessingUrl("/j_sy_check")
.failureUrl("/pages/l_error=1")
.successHandler(tenderEasyAuthSuccessHandler())
.and()
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler())
.and()
.logout()
.logoutUrl("/j_spring_security_logout")
.logoutSuccessUrl("/pages/logout.jsf")
.and();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService())
.passwordEncoder(passwordEncoder().isPasswordValid(encPass, rawPass, salt))

}

}

但是我在这里找到任何东西:

access-decision-manager-ref="methodAccessDecisionManager", security:expression-handler ref=methodExpressionHandlersecurity:salt-source user-property=saltSource

最佳答案

要指定方法表达式处理程序和访问决策管理器,请使用基于 GlobalMethodSecurityConfiguration 的配置:

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MyGlobalMethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {

@Autowired
private MethodSecurityExpressionHandler methodExpressionHandler;

@Autowired
private AccessDecisionManager methodAccessDecisionManager;

@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return methodExpressionHandler;
}

@Override
protected AccessDecisionManager accessDecisionManager() {
return methodAccessDecisionManager;
}

}

(从您的 SecurityConfig 中删除 @EnableGlobalMethodSecurity)。

另见 Spring Security Reference Docs .

关于java - Spring 安全 : Authentication manager and global security config with Java config from xml config,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50039908/

31 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com