Spring Security Java配置

Question

我在Spring MVC項目中使用基於XML的安全配置：

<security:http use-expressions="true"
               authentication-manager-ref="authenticationManager">
    <security:intercept-url pattern="/" access="permitAll"/>
    <security:intercept-url pattern="/dashboard/home/**" access="hasAnyRole('ROLE_USER, ROLE_ADMIN')"/>
    <security:intercept-url pattern="/dashboard/users/**" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/rest/users/**" access="hasRole('ROLE_ADMIN')"/>
    <security:form-login login-page="/"/>
</security:http>

我有疑問：是否可以通過Java配置完全替換它？ 什么注釋以及我應該在哪里使用“use-expressions”，“intercept-url”等？

Answer 1

是的，如果您使用的是Spring security 3.2及更高版本，它將是這樣的：

@Configuration
@EnableWebSecurity
public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/dashboard/home/**").hasAnyRole("USER", "ADMIN")
                .antMatchers("/dashboard/users/**").hasRole("ADMIN")
                .antMatchers("/rest/users/**").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/")
                .permitAll();
    }

    // Possibly more overridden methods ...
}