
java - How to migrate the deprecated WebSecurityConfigurerAdapter to SecurityFilterChain?

Repost. Author: 行者123. Updated: 2023-12-05 01:04:27

As they describe here, WebSecurityConfigurerAdapter will be deprecated in a while.

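Since I want to implement a JWT pattern, I tried to refactor my implementation of WebSecurityConfigurerAdapter to use SecurityFilterChain. The main consideration I am facing is that configure returns void.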

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter(authenticationManagerBean(), accessTokenExpiredInDays, refreshTokenExpiredInDays, jwtSecret);
        customAuthenticationFilter.setFilterProcessesUrl("/api/login");
        http
            .csrf().disable();
        http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http
            .authorizeRequests()
            .antMatchers("/error").permitAll();
        http
            .authorizeRequests()
            .antMatchers("/api/login/**", "/api/token/refresh/**").permitAll();
        http
            .authorizeRequests()
            .anyRequest().authenticated();
        http
            .addFilter(customAuthenticationFilter);
        http
            .addFilterBefore(new CustomAuthorizationFilter(jwtSecret), UsernamePasswordAuthenticationFilter.class);
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

Best answer

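Note that Spring Security has built-in support for JWT authentication, so there is no need to create a custom filter. You can find an example provided by the Spring Security team here.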

However, if you do choose to create a custom filter, the recommended way to configure it is to create a custom DSL.
This is the same way Spring Security does it internally.

I have rewritten your configuration below using a custom DSL.

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .csrf().disable();
        http
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http
            .authorizeRequests()
            .antMatchers("/error").permitAll();
        http
            .authorizeRequests()
            .antMatchers("/api/login/**", "/api/token/refresh/**").permitAll();
        http
            .authorizeRequests()
            .anyRequest().authenticated();
        // apply the custom DSL which adds the custom filter
        http
            .apply(customDsl());
        http
            .addFilterBefore(new CustomAuthorizationFilter(jwtSecret), UsernamePasswordAuthenticationFilter.class);

        return http.build();
    }

    public class MyCustomDsl extends AbstractHttpConfigurer<MyCustomDsl, HttpSecurity> {
        @Override
        public void configure(HttpSecurity http) throws Exception {
            // The shared AuthenticationManager is available by the time configure() runs
            AuthenticationManager authenticationManager =
                http.getSharedObject(AuthenticationManager.class);
            // accessTokenExpiredInDays, refreshTokenExpiredInDays and jwtSecret are not
            // defined in this class; supply them, e.g. through a constructor
            CustomAuthenticationFilter filter =
                new CustomAuthenticationFilter(authenticationManager, accessTokenExpiredInDays, refreshTokenExpiredInDays, jwtSecret);
            filter.setFilterProcessesUrl("/api/login");
            http.addFilter(filter);
        }

        public static MyCustomDsl customDsl() {
            return new MyCustomDsl();
        }
    }

This configuration, along with other examples, is described in the Spring blog post about migrating away from WebSecurityConfigurerAdapter.

Regarding java - How to migrate the deprecated WebSecurityConfigurerAdapter to SecurityFilterChain?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/72014162/
