[英]Spring-security.xml code based configuration
I'm looking for an example of how to do a code based configuration of the spring-security.xml file. 我正在寻找有关如何对spring-security.xml文件进行基于代码的配置的示例。 This is a standard spring-security.xml file that I'm using to guide myself.
这是我用来指导自己的标准spring-security.xml文件。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true">
<intercept-url pattern="/admin**" access="ROLE_USER" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
And this is a code based configuration class that I'm also using to guide myself 这是一个基于代码的配置类,我也用来指导自己
@EnableWebSecurity
@Configuration
public class CustomWebSecurityConfigurerAdapter extends
WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
auth
.inMemoryAuthentication()
.withUser("user") // #1
.password("password")
.roles("USER")
.and()
.withUser("admin") // #2
.password("password")
.roles("ADMIN","USER");
}
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**"); // #3
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeUrls()
.antMatchers("/signup","/about").permitAll() // #4
.antMatchers("/admin/**").hasRole("ADMIN") // #6
.anyRequest().authenticated() // 7
.and()
.formLogin() // #8
.loginUrl("/login") // #9
.permitAll(); // #5
}
}
But if you see in the spring-security.xml file there are these URLS 但是,如果您在spring-security.xml文件中看到这些URL,
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
How do I put those URL in code? 如何将这些URL放入代码中? or should I just ignore them.
还是我应该忽略它们。
These URLs are where you find spring security XML schemas and the URL ended in .xsd
are the XML schemas itself. 在这些URL中可以找到Spring Security XML模式,而以
.xsd
结尾的URL是XML模式本身。
Did you try access http://www.springframework.org/schema/security ? 您是否尝试访问http://www.springframework.org/schema/security ? If so, you will see some XSD files, which are XML schemas.
如果是这样,您将看到一些XSD文件,它们是XML模式。
From XML schema recommendation/specification : 从XML模式推荐/规范 :
XML Schemas express shared vocabularies and allow machines to carry out rules made by people.
XML模式表示共享的词汇表,并允许机器执行人们制定的规则。 They provide a means for defining the structure, content and semantics of XML documents in more detail.
它们提供了一种更详细地定义XML文档的结构,内容和语义的方法。
An XML schema describes the structure of an XML document . XML模式描述XML文档的结构 。 In other works, XML schemas will help and guarantee to you that your XML config is a valid XML.
在其他作品中,XML模式将帮助您并确保您的XML配置是有效的XML。
As you are now using code based configuration, you can just ignore, is not necessary, the schema is now the Java code, interfaces, methods, etc. 由于您现在使用的是基于代码的配置,因此您可以忽略(不必要),该架构现在是Java代码,接口,方法等。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.