Spring Security Config : HttpSecurity安全配置器 SecurityContextConfigurer_customizesecuritycontextrepository 如何配置放开-优快云博客

本文链接：https://blog.youkuaiyun.com/andy_zhang2007/article/details/92388255

本文详细介绍了在Spring Security中如何配置SecurityContext，包括通过SecurityContextConfigurer进行安全上下文存储库的设定，以及如何根据会话创建策略调整过滤器属性。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

概述

介绍

作为一个配置HttpSecurity的SecurityConfigurer,SecurityContextConfigurer的配置任务如下 :

配置如下安全过滤器Filter
- SecurityContextPersistenceFilter
  - 如果存在共享对象SecurityContextRepository，则使用它作为安全上下文存储库，否则创建一个实现类型为HttpSessionSecurityContextRepository的存储库并使用
  - 如果配置器SessionManagementConfigurer中配置的会话创建策略SessionCreationPolicy为ALWAYS的话,则将过滤器属性forceEagerSessionCreation设置为true

继承关系

SecurityContextConfigurer

使用

	// HttpSecurity 源代码片段
    public SecurityContextConfigurer<HttpSecurity> securityContext() throws Exception {
		return getOrApply(new SecurityContextConfigurer<>());
	}

源代码

源代码版本 Spring Security Config 5.1.4.RELEASE

package org.springframework.security.config.annotation.web.configurers;

// 省略 imports

public final class SecurityContextConfigurer<H extends HttpSecurityBuilder<H>> extends
		AbstractHttpConfigurer<SecurityContextConfigurer<H>, H> {

	/**
	 * Creates a new instance
	 * @see HttpSecurity#securityContext()
	 */
	public SecurityContextConfigurer() {
	}

	/**
	 * Specifies the shared SecurityContextRepository that is to be used
	 * @param securityContextRepository the SecurityContextRepository to use
	 * @return the HttpSecurity for further customizations
	 */
	public SecurityContextConfigurer<H> securityContextRepository(
			SecurityContextRepository securityContextRepository) {
		getBuilder().setSharedObject(SecurityContextRepository.class,
				securityContextRepository);
		return this;
	}

	@Override
	@SuppressWarnings("unchecked")
	public void configure(H http) throws Exception {

       // 准备创建  SecurityContextPersistenceFilter 过滤器所需要使用的
       // 安全上下文仓库对象 SecurityContextRepository
       // 首相从构建器 http 中尝试获取 SecurityContextRepository 共享对象，
       //  如果没有找到，则创建一个 SecurityContextRepository， 实现类使用
       // HttpSessionSecurityContextRepository
		SecurityContextRepository securityContextRepository = http
				.getSharedObject(SecurityContextRepository.class);
		if (securityContextRepository == null) {
			securityContextRepository = new HttpSessionSecurityContextRepository();
		}
        
       // 创建 过滤器 SecurityContextPersistenceFilter
		SecurityContextPersistenceFilter securityContextFilter = new SecurityContextPersistenceFilter(
				securityContextRepository);
       
       // 尝试获取和应用配置器 SessionManagementConfigurer 中的 会话创建策略，       
		SessionManagementConfigurer<?> sessionManagement = http
				.getConfigurer(SessionManagementConfigurer.class);
		SessionCreationPolicy sessionCreationPolicy = sessionManagement == null ? null
				: sessionManagement.getSessionCreationPolicy();
		if (SessionCreationPolicy.ALWAYS == sessionCreationPolicy) {
			securityContextFilter.setForceEagerSessionCreation(true);
		}
		securityContextFilter = postProcess(securityContextFilter);
		http.addFilter(securityContextFilter);
	}
}