[英]Spring security configuration to java configuration
I am trying with no luck to translate this configuration to java config I have all the classes ready but i just can figure it out Please help 我没有运气尝试将此配置转换为java config我已经准备好所有类,但我可以弄清楚请帮助
<bean id="passwordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder">
<constructor-arg value="ThisIsASecretSoChangeMe" />
</bean>
<security:authentication-manager id="authenticationManager">
<security:authentication-provider user-service-ref="userDao">
<security:password-encoder ref="passwordEncoder"></security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http
realm="Protected API"
use-expressions="true"
auto-config="false"
create-session="stateless"
entry-point-ref="unauthorizedEntryPoint"
authentication-manager-ref="authenticationManager">
<security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
<security:intercept-url pattern="/rest/user/authenticate" access="permitAll" />
<security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')" />
<security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')" />
<security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')" />
<security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')" />
</security:http>
<bean id="unauthorizedEntryPoint" class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.UnauthorizedEntryPoint" />
<bean class="net.dontdrinkandroot.example.angularrestspringsecurity.rest.AuthenticationTokenProcessingFilter" id="authenticationTokenProcessingFilter">
<constructor-arg ref="userDao" />
</bean>
This appears to have been addressed in this post Spring: Annotation equivalent of security:authentication-manager and security:global-method-security 这似乎已经在本博文Spring中得到了解决:等效于security:authentication-manager和security:global-method-security的注释
I have left mine in xml form for the moment. 我暂时以xml格式离开了我的。 I stripped everything but the security config from the rest-services-config.xml then imported it to my new configWebXml class like this:
我从rest-services-config.xml中剥离了除安全配置之外的所有内容,然后将其导入到新的configWebXml类中,如下所示:
@Configuration
@ComponentScan
@EnableAutoConfiguration
@ImportResource("classpath:rest-services-config.xml")
public class ConfigWebXml extends SpringBootServletInitializer {
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
Until I did this, the security context would not be cleared. 在执行此操作之前,不会清除安全上下文。 After a successful login, it would never go back and validate the token.
成功登录后,它将永远不会返回并验证令牌。 This allowed me to convert to a full annotation based springboot app with the exception of spring security.
这使我可以转换为基于完整注释的springboot应用程序,但spring安全性除外。
Hope this helps. 希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.