[英]Spring Security Configuration Kotlin DSL
所以,我的配置器适配器中有这个 java 代码:
http.cors().and().csrf().disable()
.authorizeRequests().antMatchers(HttpMethod.POST, Constants.CREATE_USER_URL).permitAll()
.and().authorizeRequests().antMatchers(HttpMethod.GET, "/v2/api-docs", "/swagger-resources/**", "/swagger-ui/**", "/swagger-ui.html**", "/webjars/**", "favicon.ico").permitAll().anyRequest().authenticated()
.and().addFilter(new JwtAuthenticationFilter(authenticationManager())).addFilter(new BasicJwtAuthenticationFilter(authenticationManager()))
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
我尝试使用新的 Kotlin DSL:
http {
cors { disable() }
csrf { disable() }
authorizeRequests {
authorize(AntPathRequestMatcher(createUserUrl, HttpMethod.POST.name), permitAll)
authorize(AntPathRequestMatcher("favicon.ico", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/v2/api-docs", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-resources/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-ui/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/webjars/**", HttpMethod.GET.name), permitAll)
authorize(anyRequest, authenticated)
}
addFilterAt(JwtAuthenticationFilter(authenticationManager()), AuthenticationFilter::class.java)
addFilterAt(BasicJwtAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter::class.java)
sessionManagement { SessionCreationPolicy.STATELESS }
}
这个 kotlin dsl 是否与 java 代码具有相同的功能? kotlin dsl 没有addFilter
吗?
我可以减少具有相似代码( permitAll HTTP GET
)的冗余authorize
(在 Java 代码上,它使用了接受多种模式的permitAll HTTP GET
)?
您的 Kotlin 配置不等同于您共享的 Java 配置。
一、CORS配置
http
.cors()
.and()
// ...
下面是等效的 Kotlin 配置,因为您是启用 CORS 而不是禁用它。
http {
cors { }
}
二、会话管理配置
http
// ...
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
下面是等效的 Kotlin 配置,您要在其中分配 SessionCreationPolicy。
http {
sessionManagement {
sessionCreationPolicy = SessionCreationPolicy.STATELESS
}
}
关于addFilter
方法,在 Javadoc 中它指出
添加过滤器,该过滤器必须是安全框架中提供的过滤器之一的实例或扩展其中的一个过滤器。
如果您的自定义过滤器BasicJwtAuthenticationFilter
是BasicAuthenticationFilter
的实例,则 Kotlin 配置是正确的。
将所有这些加在一起,您将获得以下 Kotlin 配置
http {
cors { }
csrf { disable() }
authorizeRequests {
authorize(AntPathRequestMatcher(createUserUrl, HttpMethod.POST.name), permitAll)
authorize(AntPathRequestMatcher("favicon.ico", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/v2/api-docs", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-resources/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-ui/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/webjars/**", HttpMethod.GET.name), permitAll)
authorize(anyRequest, authenticated)
}
addFilterAt(JwtAuthenticationFilter(authenticationManager()), AuthenticationFilter::class.java)
addFilterAt(BasicJwtAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter::class.java)
sessionManagement {
sessionCreationPolicy = SessionCreationPolicy.STATELESS
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.