Spring Security 配置 Kotlin DSL
[英]Spring Security Configuration Kotlin DSL
问题描述
所以,我的配置器适配器中有这个 java 代码:
http.cors().and().csrf().disable()
.authorizeRequests().antMatchers(HttpMethod.POST, Constants.CREATE_USER_URL).permitAll()
.and().authorizeRequests().antMatchers(HttpMethod.GET, "/v2/api-docs", "/swagger-resources/**", "/swagger-ui/**", "/swagger-ui.html**", "/webjars/**", "favicon.ico").permitAll().anyRequest().authenticated()
.and().addFilter(new JwtAuthenticationFilter(authenticationManager())).addFilter(new BasicJwtAuthenticationFilter(authenticationManager()))
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
我尝试使用新的 Kotlin DSL:
http {
cors { disable() }
csrf { disable() }
authorizeRequests {
authorize(AntPathRequestMatcher(createUserUrl, HttpMethod.POST.name), permitAll)
authorize(AntPathRequestMatcher("favicon.ico", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/v2/api-docs", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-resources/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-ui/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/webjars/**", HttpMethod.GET.name), permitAll)
authorize(anyRequest, authenticated)
}
addFilterAt(JwtAuthenticationFilter(authenticationManager()), AuthenticationFilter::class.java)
addFilterAt(BasicJwtAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter::class.java)
sessionManagement { SessionCreationPolicy.STATELESS }
}
这个 kotlin dsl 是否与 java 代码具有相同的功能? kotlin dsl 没有addFilter吗?
我可以减少具有相似代码( permitAll HTTP GET )的冗余authorize (在 Java 代码上,它使用了接受多种模式的permitAll HTTP GET )?
1 个解决方案
解决方案1
5 已采纳 2020-09-07 08:22:00
您的 Kotlin 配置不等同于您共享的 Java 配置。
一、CORS配置
http
.cors()
.and()
// ...
下面是等效的 Kotlin 配置,因为您是启用 CORS 而不是禁用它。
http {
cors { }
}
二、会话管理配置
http
// ...
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
下面是等效的 Kotlin 配置,您要在其中分配 SessionCreationPolicy。
http {
sessionManagement {
sessionCreationPolicy = SessionCreationPolicy.STATELESS
}
}
关于addFilter方法,在 Javadoc 中它指出
添加过滤器,该过滤器必须是安全框架中提供的过滤器之一的实例或扩展其中的一个过滤器。
如果您的自定义过滤器BasicJwtAuthenticationFilter是BasicAuthenticationFilter的实例,则 Kotlin 配置是正确的。
将所有这些加在一起,您将获得以下 Kotlin 配置
http {
cors { }
csrf { disable() }
authorizeRequests {
authorize(AntPathRequestMatcher(createUserUrl, HttpMethod.POST.name), permitAll)
authorize(AntPathRequestMatcher("favicon.ico", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/v2/api-docs", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-resources/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-ui/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/webjars/**", HttpMethod.GET.name), permitAll)
authorize(anyRequest, authenticated)
}
addFilterAt(JwtAuthenticationFilter(authenticationManager()), AuthenticationFilter::class.java)
addFilterAt(BasicJwtAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter::class.java)
sessionManagement {
sessionCreationPolicy = SessionCreationPolicy.STATELESS
}
}
Protobuf配置Intellij Idea插件Gradle-kotlin-dsl kotlin
[英]Protobuf configuration Intellij Idea Plugin Gradle-kotlin-dsl kotlin
Spring Security 配置中的 BcryptEncoder 配置
[英]BcryptEncoder configuration in Spring Security Configuration
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.