<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd ">
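<!-- Filter chain. Patterns are tried top to bottom and the first match wins, so the two
exemptions must stay above the /** catch-all. A chain declared with filters="none" runs NO
security filter at all for that request: no SecurityContext, no CSRF check, no session
controls and no security headers. /resources/** is for static assets; /*.html (Ant "*" does
not cross "/") matches only root-level .html pages, which in this file are the logout,
expire and accessDenied targets. Everything else, JSPs included, runs the full chain. -->
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map request-matcher="ant">
<security:filter-chain pattern="/resources/**" filters="none" />
<security:filter-chain pattern="/*.html" filters="none" />
<!-- Order follows Spring Security's standard filter ordering; every name is a bean id
defined in this file. headerWriterFilter is the one addition to the original chain. -->
<security:filter-chain pattern="/**" filters="
securityContextPersistenceFilter,
concurrentSessionFilter,
webAsyncManagerIntegrationFilter,
headerWriterFilter,
csrfFilter,
logoutFilter,
usernamePasswordAuthenticationFilter,
basicAuthenticationFilter,
requestCacheAwareFilter,
securityContextHolderAwareRequestFilter,
rememberMeAuthenticationFilter,
anonymousAuthenticationFilter,
sessionManagementFilter,
exceptionTranslationFilter,
filterSecurityInterceptor
" />
</security:filter-chain-map>
</bean>
<!-- HeaderWriterFilter: the browser-side hardening headers that the hand-built chain above
did not send (the <security:http> namespace element adds them by default, an explicit
FilterChainProxy has to list them). Only responses of the /** chain get them; the two
filters="none" chains are untouched. -->
<bean id="headerWriterFilter" class="org.springframework.security.web.header.HeaderWriterFilter">
<constructor-arg index="0">
<list>
<!-- Cache-Control/Pragma/Expires: keep authenticated pages out of shared and back-button caches. -->
<bean class="org.springframework.security.web.header.writers.CacheControlHeadersWriter" />
<!-- X-Content-Type-Options: nosniff -->
<bean class="org.springframework.security.web.header.writers.XContentTypeOptionsHeaderWriter" />
<!-- X-XSS-Protection: 1; mode=block -->
<bean class="org.springframework.security.web.header.writers.XXssProtectionHeaderWriter" />
<!-- Strict-Transport-Security; this writer emits the header only on requests that arrived over HTTPS. -->
<bean class="org.springframework.security.web.header.writers.HstsHeaderWriter" />
<!-- X-Frame-Options: SAMEORIGIN against clickjacking. SAMEORIGIN rather than DENY so that
pages the application frames itself keep working. -->
<bean class="org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter">
<constructor-arg index="0"
type="org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter$XFrameOptionsMode"
value="SAMEORIGIN" />
</bean>
</list>
</constructor-arg>
</bean>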
<!-- SecurityContextPersistenceFilter: first filter of the /** chain. Loads the request's
SecurityContext from the HTTP session and stores it back once the chain has finished. -->
<bean id="securityContextPersistenceFilter"
class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<constructor-arg index="0" ref="securityContextRepository" />
<!-- false: never create a session just to run this filter; one is created lazily by the
repository when there is a context worth storing. -->
<property name="forceEagerSessionCreation">
<value>false</value>
</property>
</bean>
<!-- Session-backed SecurityContext store. disableUrlRewriting=true keeps ;jsessionid=... out
of encoded URLs, so the session id travels only in the cookie. -->
<bean id="securityContextRepository"
class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">
<property name="allowSessionCreation">
<value>true</value>
</property>
<property name="disableUrlRewriting">
<value>true</value>
</property>
</bean>
<!-- CsrfFilter: synchronizer-token CSRF protection for the /** chain. With CsrfFilter's
default request matcher only state-changing methods are checked (GET, HEAD, TRACE and
OPTIONS pass through); a POST/PUT/DELETE without a valid token is handed to
accessDeniedHandler. Clients read the token from the session-backed repository below and
send it back as the _csrf parameter or the X-CSRF-TOKEN header (repository defaults). -->
<bean id="csrfFilter" class="org.springframework.security.web.csrf.CsrfFilter">
<constructor-arg index="0" ref="httpSessionCsrfTokenRepository" />
<property name="accessDeniedHandler">
<ref bean="accessDeniedHandler" />
</property>
</bean>
<!-- One token per HTTP session; replaced at login by csrfAuthenticationStrategy. -->
<bean id="httpSessionCsrfTokenRepository"
class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository" />
<!-- UsernamePasswordAuthenticationFilter: form login. Only a POST to /login is treated as a
login attempt (authenticationFilterProcessUrlRequestMatcher); the credentials come from the
"username" and "password" request parameters. -->
<bean id="usernamePasswordAuthenticationFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="requiresAuthenticationRequestMatcher" ref="authenticationFilterProcessUrlRequestMatcher" />
<property name="usernameParameter" value="username" />
<property name="passwordParameter" value="password" />
<property name="authenticationManager" ref="authenticationManager" />
<!-- Applied after a successful login, in list order: CSRF token rotation, concurrent-session
limit, session-fixation protection, session registration. -->
<property name="sessionAuthenticationStrategy" ref="compositeSessionAuthenticationStrategy" />
<!-- Issues the REMEMBER_ME cookie when the login form carries the remember-me parameter. -->
<property name="rememberMeServices" ref="persistentTokenBasedRememberMeServices" />
<property name="authenticationSuccessHandler" ref="savedRequestAwareAuthenticationSuccessHandler" />
<property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler" />
<property name="allowSessionCreation" value="true"/>
</bean>
<!-- Success: redirect to the URL the user originally asked for (saved in the session by
exceptionTranslationFilter through httpSessionRequestCache), else to /welcome.jsp. The saved
request is server-side state, not a user-supplied redirect parameter. -->
<bean id="savedRequestAwareAuthenticationSuccessHandler"
class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler" >
<property name="defaultTargetUrl" value="/welcome.jsp" />
<property name="requestCache" ref="httpSessionRequestCache" />
</bean>
<!-- Failure: back to the login page with a bare error marker; the URL does not say why the
attempt failed. -->
<bean id="simpleUrlAuthenticationFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<constructor-arg index="0" value="/login.jsp?error" />
<property name="allowSessionCreation" value="true" />
</bean>
<!-- Method restriction: a GET to /login is not a login attempt and just falls through the chain. -->
<bean id="authenticationFilterProcessUrlRequestMatcher"
class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg index="0" value="/login" />
<constructor-arg index="1" value="POST" />
</bean>
<!-- AnonymousAuthenticationFilter: gives every still-unauthenticated request an
AnonymousAuthenticationToken so later filters always see a principal. The key is an
in-process tag rather than a credential presented by clients: the provider below only accepts
anonymous tokens whose key hash matches, so the two literals must stay identical. It is
nevertheless a fixed literal committed with the configuration; generating it at startup
(as the namespace configuration does) would be the safer habit. -->
<bean id="anonymousAuthenticationFilter"
class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
<constructor-arg index="0" value="BF93JFJ091N00Q7HF" />
</bean>
<bean id="anonymousAuthenticationProvider"
class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<constructor-arg index="0" type="java.lang.String" value="BF93JFJ091N00Q7HF"/>
</bean>
<!-- FilterSecurityInterceptor: the URL authorization decision point, last filter of the chain.
Required attributes for a URL come from the database-backed custom source below, not from
static intercept-url rules.
NOTE(review): rejectPublicInvocations is left at its default (false), so a URL for which the
custom source returns no attributes is served without any authorization check at all. If the
resource table is meant to be a whitelist, add
<property name="rejectPublicInvocations" value="true" /> and give the public URLs (the
login page, POST /login) explicit rows. Confirm against
URLFilterInvocationSecurityMetadataSource, which is not visible here. -->
<bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="affirmativeBased" />
<property name="securityMetadataSource" ref="securityMetadataSource" />
<!-- Static equivalent of the database rules, kept for reference only. -->
<!--
<property name="securityMetadataSource">
<security:filter-security-metadata-source use-expressions="true">
<security:intercept-url pattern="/*.html" access="permitAll" />
<security:intercept-url pattern="/login.jsp*" access="permitAll" />
<security:intercept-url pattern="/login*" access="permitAll" />
<security:intercept-url pattern="/security/**" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</security:filter-security-metadata-source>
</property> -->
</bean>
<!-- Project class: maps request URLs to config attributes read through resourceRepository.
Whatever it returns is evaluated by the voters in affirmativeBased; attribute strings therefore
need to be SpEL expressions, ROLE_* names or IS_AUTHENTICATED_* values. Caching and refresh
behaviour are not visible from this file. -->
<bean id="securityMetadataSource" class="com.jaeson.springstudy.security.URLFilterInvocationSecurityMetadataSource">
<property name="resourceRepository" ref="resourceRepository" />
</bean>
<!-- Project class: reads the URL/attribute rows from the shared dataSource. -->
<bean id="resourceRepository" class="com.jaeson.springstudy.security.ResourceRepository">
<property name="dataSource" ref="dataSource" />
</bean>
<!-- Voters shared by URL and method security. roleVoter understands plain ROLE_-prefixed
attributes, authenticatedVoter the IS_AUTHENTICATED_* attributes, expressionVoter the SpEL
web expressions (hasRole(...), permitAll, ...). -->
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter" />
<bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter" />
<bean id="expressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
<bean id="expressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter">
<property name="expressionHandler">
<ref bean="expressionHandler" />
</property>
</bean>
<!-- AccessDecisionManager for URLs: grants as soon as any voter grants. With the default
allowIfAllAbstainDecisions=false, an attribute that no voter understands is denied rather
than ignored, so an unexpected value in the resource table fails closed. -->
<bean id="affirmativeBased" class="org.springframework.security.access.vote.AffirmativeBased">
<constructor-arg type="java.util.List">
<list>
<ref bean="expressionVoter" />
<ref bean="roleVoter" />
<ref bean="authenticatedVoter" />
</list>
</constructor-arg>
</bean>
<!-- AuthenticationManager: ProviderManager asks each provider in turn until one supports the
token. daoAuthenticationProvider handles form and HTTP Basic logins,
anonymousAuthenticationProvider and rememberMeAuthenticationProvider validate the tokens
created by their filters. Credentials are erased from the resulting Authentication
(ProviderManager default). -->
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<constructor-arg type="java.util.List">
<list>
<ref bean="daoAuthenticationProvider" />
<ref bean="anonymousAuthenticationProvider" />
<ref bean="rememberMeAuthenticationProvider" />
</list>
</constructor-arg>
<!-- Publishes success/failure events (lockout, audit listeners can subscribe). -->
<property name="authenticationEventPublisher">
<ref bean="defaultAuthenticationEventPublisher" />
</property>
</bean>
<bean id="defaultAuthenticationEventPublisher"
class="org.springframework.security.authentication.DefaultAuthenticationEventPublisher" />
<!-- bcrypt with the default strength; the password column must hold bcrypt hashes. -->
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<!-- Username/password check against userDetailsService. A non-existent user and a wrong
password produce the same BadCredentialsException (hideUserNotFoundExceptions default). -->
<bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
<property name="userDetailsService">
<ref bean="userDetailsService" />
</property>
</bean>
<!-- JdbcDaoImpl: loads users and their roles with two parameterised queries (the "?" is bound
by JDBC, no string concatenation). Columns are read by position: user query = username,
password (bcrypt hash), enabled flag; authority query = username, role name.
NOTE(review): the third user column is named "enable" here; confirm that is the real column
name in the user table, it is read as a boolean. The role name is used as-is (rolePrefix
default empty), so stored names must already carry the ROLE_ prefix that roleVoter and the
method rules below expect. -->
<bean id="userDetailsService" class="org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dataSource" />
<property name="usersByUsernameQuery"
value="SELECT username, password, enable FROM user WHERE username=?" />
<!-- Roles are granted through group membership: user -> user_group -> groups -> group_role -> role. -->
<property name="authoritiesByUsernameQuery"
value="SELECT u.username as username, r.rolename as rolename
FROM user u
JOIN user_group ug ON u.id=ug.user_id
JOIN groups g ON ug.group_id=g.id
JOIN group_role gr ON g.id=gr.group_id
JOIN role r ON gr.role_id=r.id
WHERE u.username=?" />
</bean>
<!-- LogoutFilter: on a request matching logoutFilterProcessUrlRequestMatcher, runs the
handlers in array order and then redirects to /logout.html (the String constructor argument
is the logout success URL). -->
<bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<constructor-arg type="java.lang.String" value="/logout.html"/>
<constructor-arg>
<array>
<!-- 1. invalidate the session and clear the SecurityContext -->
<ref bean="securityContextLogoutHandler" />
<!-- 2. expire the session cookie in the browser -->
<ref bean="cookieClearingLogoutHandler" />
<!-- 3. remove the persistent remember-me tokens and cancel the REMEMBER_ME cookie -->
<ref bean="persistentTokenBasedRememberMeServices" />
</array>
</constructor-arg>
<property name="logoutRequestMatcher">
<ref bean="logoutFilterProcessUrlRequestMatcher" />
</property>
</bean>
<!-- Shared by logoutFilter and concurrentSessionFilter. -->
<bean id="securityContextLogoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
<property name="clearAuthentication">
<value>true</value>
</property>
<property name="invalidateHttpSession">
<value>true</value>
</property>
</bean>
<!-- Expires the named cookies for the application's context path. -->
<bean id="cookieClearingLogoutHandler"
class="org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler">
<constructor-arg>
<array>
<value>JSESSIONID</value>
</array>
</constructor-arg>
</bean>
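<!-- Logout is triggered only by POST /logout. The method restriction matters because the
CsrfFilter earlier in the chain does not check GET: with any-method matching (the previous
form of this bean) a third-party page could end a victim's session with a plain
<img src="/logout"> (logout CSRF). The logout link therefore has to be a form POST carrying
the CSRF token (default parameter name _csrf from HttpSessionCsrfTokenRepository); a bare
GET link to /logout no longer logs the user out. -->
<bean id="logoutFilterProcessUrlRequestMatcher"
class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
<constructor-arg value="/logout"/>
<constructor-arg value="POST"/>
</bean>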
<!-- RememberMeAuthenticationFilter: if no authentication is present yet, tries to log the
user in from the REMEMBER_ME cookie via persistentTokenBasedRememberMeServices. The result
is a RememberMeAuthenticationToken, which IS_AUTHENTICATED_FULLY rules (see the method
rules below) deliberately do not accept. -->
<bean id="rememberMeAuthenticationFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<constructor-arg index="0" ref="authenticationManager"/>
<constructor-arg index="1" ref="persistentTokenBasedRememberMeServices"/>
</bean>
<!-- Server-side token store (JdbcTokenRepositoryImpl default table: persistent_logins;
the table is not created unless createTableOnStartup is set). -->
<bean id="jdbcTokenRepository"
class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<!-- Persistent-token ("series/token") remember-me. The cookie holds a series id and a
one-time token that is rotated on every use; the key below is only used to tag the
resulting token for rememberMeAuthenticationProvider and must be identical to the one
given to that provider. Token lifetime is the class default (two weeks) since
tokenValiditySeconds is not set. The cookie's Secure flag follows request.isSecure() unless
useSecureCookie is set explicitly, so set it to true once the site is HTTPS-only. -->
<bean id="persistentTokenBasedRememberMeServices"
class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<constructor-arg type="java.lang.String" value="BoSk70Yar38~veg91DoCKs=sLaIn!met" />
<constructor-arg
type="org.springframework.security.core.userdetails.UserDetailsService"
ref="userDetailsService" />
<constructor-arg
type="org.springframework.security.web.authentication.rememberme.PersistentTokenRepository"
ref="jdbcTokenRepository" />
<!-- login form checkbox name -->
<property name="parameter">
<value>remember-me</value>
</property>
<!-- browser cookie name -->
<property name="cookieName">
<value>REMEMBER_ME</value>
</property>
</bean>
<!-- Accepts RememberMeAuthenticationTokens whose key hash matches the services' key above. -->
<bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<constructor-arg index="0" value="BoSk70Yar38~veg91DoCKs=sLaIn!met"/>
</bean>
<!-- ExceptionTranslationFilter: sits in front of filterSecurityInterceptor and translates its
exceptions. An AuthenticationException, or an AccessDeniedException for an anonymous or
remember-me principal, saves the current request in httpSessionRequestCache and sends the
user to the login page; an AccessDeniedException for a fully authenticated user goes to
accessDeniedHandler. -->
<bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
<constructor-arg index="0" ref="loginUrlAuthenticationEntryPoint" />
<constructor-arg index="1" ref="httpSessionRequestCache" />
<property name="accessDeniedHandler">
<ref bean="accessDeniedHandler" />
</property>
</bean>
<!-- Redirect to the login form (forceHttps not set: the redirect keeps the request's scheme). -->
<bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<constructor-arg index="0" value="/login.jsp" />
</bean>
<!-- 403 response rendered by forwarding to the error page; also used by csrfFilter. -->
<bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage">
<value>/accessDenied.html</value>
</property>
</bean>
<!-- ConcurrentSessionFilter: on every request, looks the session up in sessionRegistry
(refreshing its last-request time) and, if it has been marked expired, runs the logout
handlers and redirects to /expire.html. Because sessionControlAuthenticationStrategy rejects
a second login instead of expiring the first, the expiry path is reached here only when a
session is expired through the registry by other means. -->
<bean id="concurrentSessionFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<constructor-arg type="org.springframework.security.core.session.SessionRegistry" ref="sessionRegistry" />
<constructor-arg type="java.lang.String" value="/expire.html" />
<!-- Same clean-up sequence as logoutFilter. -->
<property name="logoutHandlers">
<array>
<ref bean="securityContextLogoutHandler" />
<ref bean="cookieClearingLogoutHandler" />
<ref bean="persistentTokenBasedRememberMeServices" />
</array>
</property>
</bean>
<!-- SessionManagementFilter: applies compositeSessionAuthenticationStrategy to requests that
became authenticated without passing through usernamePasswordAuthenticationFilter (HTTP Basic
and remember-me in this chain), so those paths get the same CSRF rotation, concurrency and
fixation handling as a form login. A strategy failure is reported through the form-login
failure handler, i.e. a redirect to /login.jsp?error. -->
<bean id="sessionManagementFilter" class="org.springframework.security.web.session.SessionManagementFilter">
<constructor-arg index="0" ref="securityContextRepository"/>
<constructor-arg index="1" ref="compositeSessionAuthenticationStrategy"/>
<property name="authenticationFailureHandler">
<ref bean="simpleUrlAuthenticationFailureHandler" />
</property>
</bean>
<!-- SessionAuthenticationStrategy: the steps run on every new authentication, in order.
The order is load-bearing: the concurrency check must run before the session is registered,
and the CSRF token must be replaced so a token captured before login is useless after it. -->
<!-- 1. Invalidate the pre-login CSRF token and issue a fresh one. -->
<bean id="csrfAuthenticationStrategy"
class="org.springframework.security.web.csrf.CsrfAuthenticationStrategy">
<constructor-arg index="0" ref="httpSessionCsrfTokenRepository"/>
</bean>
<!-- 2. One live session per user; a second login is rejected (exception) rather than
expiring the first. Project subclass of ConcurrentSessionControlAuthenticationStrategy;
its changes are not visible from this file. -->
<bean id="sessionControlAuthenticationStrategy"
class="com.jaeson.springstudy.security.MyConcurrentSessionControlAuthenticationStrategy">
<constructor-arg index="0" ref="sessionRegistry" />
<property name="maximumSessions">
<value>1</value>
</property>
<property name="exceptionIfMaximumExceeded">
<value>true</value>
</property>
</bean>
<!-- 3. Session fixation: a new session (with the old attributes copied over) is created at
login so an id handed to the victim before login is worthless afterwards. On a Servlet 3.1
container ChangeSessionIdAuthenticationStrategy does the same without copying attributes. -->
<bean id="sessionFixationProtectionStrategy"
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
<property name="migrateSessionAttributes">
<value>true</value>
</property>
</bean>
<!-- 4. Record the (new) session in the registry for the concurrency filter and strategy.
Project subclass; behaviour beyond RegisterSessionAuthenticationStrategy is not visible here. -->
<bean id="registerSessionAuthenticationStrategy"
class="com.jaeson.springstudy.security.MyRegisterSessionAuthenticationStrategy">
<constructor-arg index="0" ref="sessionRegistry" />
</bean>
<bean id="compositeSessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<constructor-arg index="0">
<list>
<ref bean="csrfAuthenticationStrategy" />
<ref bean="sessionControlAuthenticationStrategy" />
<ref bean="sessionFixationProtectionStrategy" />
<ref bean="registerSessionAuthenticationStrategy" />
</list>
</constructor-arg>
</bean>
<!-- Project replacement for SessionRegistryImpl (the stock class is kept for reference). -->
<!-- <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/> -->
<bean id="sessionRegistry" class="com.jaeson.springstudy.security.MySessionRegistryImpl" />
<!-- SecurityContextHolderAwareRequestFilter: wraps the request so the Servlet API methods
(getRemoteUser, isUserInRole, getUserPrincipal, login/logout) reflect the SecurityContext. -->
<bean id="securityContextHolderAwareRequestFilter"
class="org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
</bean>
<!-- WebAsyncManagerIntegrationFilter: propagates the SecurityContext into Spring MVC async
(Callable) processing. -->
<bean id="webAsyncManagerIntegrationFilter"
class="org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter" />
<!-- BasicAuthenticationFilter: accepts an Authorization: Basic header on any request of the
/** chain. Two things to keep in mind: the credentials are only base64-encoded, so this is
safe only over TLS; and csrfFilter runs before this filter, so a non-browser client that
POSTs with Basic credentials still needs the CSRF token. Unauthenticated requests without
the header are not challenged by this entry point; they get the form-login redirect from
exceptionTranslationFilter. -->
<bean id="basicAuthenticationFilter"
class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<constructor-arg index="0" ref="authenticationManager" />
<constructor-arg index="1" ref="basicAuthenticationEntryPoint" />
</bean>
<!-- 401 + WWW-Authenticate, sent only when a supplied Basic header fails to authenticate. -->
<bean id="basicAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName">
<value>Spring Security Application</value>
</property>
</bean>
<!-- RequestCacheAwareFilter: after login, replays the request that was saved before the
login redirect so the original POST/parameters are not lost. -->
<bean id="requestCacheAwareFilter" class="org.springframework.security.web.savedrequest.RequestCacheAwareFilter">
<constructor-arg index="0" ref="httpSessionRequestCache" />
</bean>
<!-- Session-backed saved-request store used by exceptionTranslationFilter, the success
handler and requestCacheAwareFilter. -->
<bean id="httpSessionRequestCache" class="org.springframework.security.web.savedrequest.HttpSessionRequestCache">
<property name="createSessionAllowed">
<value>true</value>
</property>
</bean>
<!-- Backing bean for the JSP security taglib (<sec:authorize url="...">): answers "may the
current user reach this URL" by consulting filterSecurityInterceptor's metadata and decision
manager, so page links and the real URL checks cannot disagree. -->
<bean id="webInvocationFilter"
class="org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator">
<constructor-arg index="0" ref="filterSecurityInterceptor" />
</bean>
<!-- Method-level access control (AOP advice around SessionRegistryExample). -->
<!-- Decision manager for methods: only role and authentication-level voters, no expression
voter, so the access values below must be ROLE_* names or IS_AUTHENTICATED_* attributes;
a SpEL string here would be abstained on by both voters and therefore denied. -->
<bean id="methodAffirmativeBased" class="org.springframework.security.access.vote.AffirmativeBased">
<constructor-arg type="java.util.List">
<list>
<ref bean="roleVoter" />
<ref bean="authenticatedVoter" />
</list>
</constructor-arg>
</bean>
<bean id="methodSecurityInterceptor"
class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
<property name="accessDecisionManager">
<ref bean="methodAffirmativeBased" />
</property>
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="securityMetadataSource">
<!-- Protected methods and the attributes each one requires. Methods of the class that match
none of these patterns carry no attributes and are invoked without a check (the
interceptor's rejectPublicInvocations default), even though the pointcut below advises
every method of the class. -->
<security:method-security-metadata-source>
<security:protect method="com.jaeson.springstudy.security.SessionRegistryExample.getOnline*"
access="ROLE_USER, ROLE_ADMIN" />
<security:protect method="com.jaeson.springstudy.security.SessionRegistryExample.getActive*"
access="ROLE_ADMIN" />
<!-- IS_AUTHENTICATED_FULLY: a remember-me login is not enough for the test* methods. -->
<security:protect method="com.jaeson.springstudy.security.SessionRegistryExample.test*"
access="IS_AUTHENTICATED_FULLY" />
</security:method-security-metadata-source>
</property>
</bean>
<!-- Only needed for expression-based method rules (@PreAuthorize etc.); unused at present. -->
<!-- <bean id="methodExpressionHandler"
class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler" /> -->
<aop:config>
<!-- Every public and non-public method of SessionRegistryExample is advised; which of them
are actually checked is decided by the metadata source above. -->
<aop:pointcut id="securityMethodPointCut" expression="execution(* com.jaeson.springstudy.security.SessionRegistryExample.*(..))" />
<aop:advisor pointcut-ref="securityMethodPointCut" advice-ref="methodSecurityInterceptor"/>
</aop:config>
<!-- Spring Security offers four expression-based annotations: @PreAuthorize, @PostAuthorize,
@PreFilter and @PostFilter. The first two check access before or after the method call; the
last two filter collection-typed arguments or return values. Not enabled here. -->
<!-- <security:global-method-security pre-post-annotations="enabled" /> -->
<!-- JSR-250 annotations (@RolesAllowed); not enabled here. -->
<!-- <security:global-method-security jsr250-annotations="enabled"/> -->
</beans>