[英]Spring Security Java configuration
I have working XML-based security configuration in my Spring MVC project: 我在Spring MVC项目中使用基于XML的安全配置:
<security:http use-expressions="true"
authentication-manager-ref="authenticationManager">
<security:intercept-url pattern="/" access="permitAll"/>
<security:intercept-url pattern="/dashboard/home/**" access="hasAnyRole('ROLE_USER, ROLE_ADMIN')"/>
<security:intercept-url pattern="/dashboard/users/**" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/rest/users/**" access="hasRole('ROLE_ADMIN')"/>
<security:form-login login-page="/"/>
</security:http>
And I have question: is it possible to fully replace it by Java configuration? 我有疑问:是否可以通过Java配置完全替换它? What annotations and where should I use for "use-expressions", "intercept-url", etc.?
什么注释以及我应该在哪里使用“use-expressions”,“intercept-url”等?
Yes, if you are using Spring security 3.2
and above, it will be something like this : 是的,如果您使用的是
Spring security 3.2
及更高版本,它将是这样的:
@Configuration
@EnableWebSecurity
public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/dashboard/home/**").hasAnyRole("USER", "ADMIN")
.antMatchers("/dashboard/users/**").hasRole("ADMIN")
.antMatchers("/rest/users/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/")
.permitAll();
}
// Possibly more overridden methods ...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.