Difference between registerGlobal(), configure(), configureGlobal(), configureGlobalSecurity in Spring security

I have below three code snippets all doing the same thing: creating in-memory authentication. So how does defining it under different method names impact it?

  1. registerGlobal
  2. configure
  3. configureGlobal
  4. configureGlobalSecurity

First one:

public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .inMemoryAuthentication()
        .withUser("user").password("password").roles("USER").and()
        .withUser("admin").password("password").roles("USER","ADMIN");
}

Second one:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
         .inMemoryAuthentication()
              .withUser("user").password("password").roles("USER");
}

Third one:

public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
         .inMemoryAuthentication()
              .withUser("user").password("password").roles("USER");
}

Fourth:

@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}

UPDATE 1: One more thing I would like to add:

configure() method is present in WebSecurityConfigurerAdapter class while others are not present.

UPDATE 2:

I renamed the method in my sample project to below and to my surprise it is working and authenticating the users.

You name it anything and it works

@Autowired
public void anyMethodName(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}

In fact, you only have 2 different options.

Option 1: using annotations only (it covers your examples 1, 3 and 4 - note that you didn't include relevant annotations in your samples)

registerGlobal, configureGlobal, configureGlobalSecurity are the exact same way of doing things. You can name the method according to your tastes. The only constraints are:

(as you can see the name of the method is not important, that is why you found so many different method names when googling for code samples)

Here is an example of what it looks like:

@EnableWebSecurity
public class MyConfiguration {

    @Autowired
    public void whatever(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
          .withUser("user").password("password").roles("USER").and()
          .withUser("admin").password("password").roles("USER", "ADMIN");
    }

    ...

}

Option 2: using annotations + method overriding (it covers your example 2)

Overriding configure is a convenient approach in a subclass of WebSecurityConfigurerAdapter (or any @Configuration class implementing WebSecurityConfigurer) but it has the same effect as the other option.


How to choose the correct approach?

It's only a question of taste/programming-style because both approaches have the same effect.

The first option makes sense when you want/need to keep your configuration in a single class, but your @Configuration class already extends some other class (and you don't want to implement the whole WebSecurityConfigurer interface).


Let's explain my last point in more detail. Spring provides many Adapter classes that you can extend to speed up the development of your Spring configuration.

As an example, let's take a commonly used Adapter: WebMvcConfigurerAdapter. You will start with a very simple configuration like this:

@EnableWebMvc
@Configuration
@ComponentScan({ "com.company.mypackage" })
public class SpringWebConfig extends WebMvcConfigurerAdapter {

}

What's important here: your class already extends an Adapter class, so you can't extend another one


Now, you need to add security configuration. You have the choice between including it in your existing SpringWebConfig configuration class or creating a new security specific configuration class. Here is a sample of both approaches:

1) Single @Configuration class approach

What's important to note here: SpringWebConfig extends WebMvcConfigurerAdapter + @EnableWebSecurity

@EnableWebMvc
@Configuration
@ComponentScan({ "com.company.mypackage" })
@EnableWebSecurity
public class SpringWebConfig extends WebMvcConfigurerAdapter {

    @Autowired
    public void whatever(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
          .withUser("user").password("password").roles("USER").and()
          .withUser("admin").password("password").roles("USER", "ADMIN");
    }
}


2) Specific security @Configuration class

What's important to note here: MySecurityConfig extends WebSecurityConfigurerAdapter

Keep your SpringWebConfig as it was and create a new @Configuration class:

@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
          .withUser("user").password("password").roles("USER").and()
          .withUser("admin").password("password").roles("USER", "ADMIN");
    }
}

For the difference between: registerGlobal(AuthenticationManagerBuilder auth) and configureGlobal(AuthenticationManagerBuilder auth)

The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either @EnableWebSecurity, @EnableWebMvcSecurity, @EnableGlobalMethodSecurity, or @EnableGlobalAuthentication. Doing otherwise has unpredictable results.

Source:
Chapter "Creating your Spring Security configuration" from the "Hello Spring Security Java Config" guide.


protected void configure(AuthenticationManagerBuilder auth) is a method that is likely provided by WebSecurityConfigurer (and its interface WebSecurityConfigurer) - I would say that is just a more type-safe approach, but does not differ in its result.
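
An added example, not part of the original question or answers: the annotation-only option with an arbitrary method name, written for Spring Security 5 or later, where the plain-text `.password("password")` values in the snippets above fail at login with `There is no PasswordEncoder mapped for the id "null"`. The class name, method names and environment variable names are assumptions made for this illustration.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity // AuthenticationManagerBuilder is only configured in a class carrying one of the @Enable... annotations
public class HardenedSecurityConfig { // hypothetical class name

    // The method name is arbitrary: Spring calls it because of @Autowired
    // and resolves the argument by its type, AuthenticationManagerBuilder.
    @Autowired
    public void anyMethodName(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        auth.inMemoryAuthentication()
            // Encoder used to verify submitted passwords against the stored hashes.
            .passwordEncoder(encoder)
            // Store BCrypt hashes, never the clear-text value.
            .withUser("user")
                .password(encoder.encode(secret("DEMO_USER_PASSWORD")))
                .roles("USER")
                .and()
            .withUser("admin")
                .password(encoder.encode(secret("DEMO_ADMIN_PASSWORD")))
                .roles("USER", "ADMIN");
    }

    // Reads a credential from the environment (variable names are assumed)
    // so that no password literal is committed with the configuration.
    private static String secret(String envVar) {
        String value = System.getenv(envVar);
        if (value == null || value.isEmpty()) {
            // Fail at startup instead of creating an account with an empty password.
            throw new IllegalStateException("Missing environment variable " + envVar);
        }
        return value;
    }
}
```

The same body works unchanged inside an overridden `configure(AuthenticationManagerBuilder auth)` on Spring Security versions that still ship `WebSecurityConfigurerAdapter`; the class was deprecated in 5.7 and removed in 6.0.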
