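Spring Boot 2 has finally been released, and I tried upgrading from 1.5.10 to 2.0.0. As expected, all sorts of small problems came up.
1. Some configuration properties were removed in 2.0, for example server.context-path and security.ignored.
server.context-path is replaced by the new server.servlet.context-path.
security.ignored was removed outright. Spring Boot no longer provides a default configuration, so the ignored paths must be configured in code. Requests matched by web.ignoring() bypass the Spring Security filter chain entirely, so keep the list limited to static resources: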
    @Value("${security.ignored:/css/**, /js/**,/images/**, /webjars/**, /**/favicon.ico,/Hplus4.1/**,/assets/**}")
    String[] antPatterns;

    //Spring Boot configured this already.
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(antPatterns);
        // web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }
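2. The default JDK version for Spring Boot 2 is 1.8, so anyone still on 1.6 has to upgrade the JDK first. Much of the code uses lambda expressions. It uses Thymeleaf 3.0, and Spring Security is upgraded to 5.0.3.
3. Some problems encountered after Spring Security was upgraded to 5.0.3: the default PasswordEncoder no longer needs a salt, and the original PasswordEncoder was removed from the source code entirely. The default implementation is the DelegatingPasswordEncoder created by PasswordEncoderFactories. If you use the default DelegatingPasswordEncoder, configured passwords must have the form {encoding id}encoded password.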
    /**
     * Used for creating {@link PasswordEncoder} instances
     * @author Rob Winch
     * @since 5.0
     */
    public class PasswordEncoderFactories {

        /**
         * Creates a {@link DelegatingPasswordEncoder} with default mappings. Additional
         * mappings may be added and the encoding will be updated to conform with best
         * practices. However, due to the nature of {@link DelegatingPasswordEncoder} the
         * updates should not impact users. The mappings current are:
         *
         * <ul>
         * <li>bcrypt - {@link BCryptPasswordEncoder} (Also used for encoding)</li>
         * <li>ldap - {@link LdapShaPasswordEncoder}</li>
         * <li>MD4 - {@link Md4PasswordEncoder}</li>
         * <li>MD5 - {@code new MessageDigestPasswordEncoder("MD5")}</li>
         * <li>noop - {@link NoOpPasswordEncoder}</li>
         * <li>pbkdf2 - {@link Pbkdf2PasswordEncoder}</li>
         * <li>scrypt - {@link SCryptPasswordEncoder}</li>
         * <li>SHA-1 - {@code new MessageDigestPasswordEncoder("SHA-1")}</li>
         * <li>SHA-256 - {@code new MessageDigestPasswordEncoder("SHA-256")}</li>
         * <li>sha256 - {@link StandardPasswordEncoder}</li>
         * </ul>
         *
         * @return the {@link PasswordEncoder} to use
         */
        public static PasswordEncoder createDelegatingPasswordEncoder() {
            String encodingId = "bcrypt";
            Map<String, PasswordEncoder> encoders = new HashMap<>();
            encoders.put(encodingId, new BCryptPasswordEncoder());
            encoders.put("ldap", new LdapShaPasswordEncoder());
            encoders.put("MD4", new Md4PasswordEncoder());
            encoders.put("MD5", new MessageDigestPasswordEncoder("MD5"));
            encoders.put("noop", NoOpPasswordEncoder.getInstance());
            encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
            encoders.put("scrypt", new SCryptPasswordEncoder());
            encoders.put("SHA-1", new MessageDigestPasswordEncoder("SHA-1"));
            encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256"));
            encoders.put("sha256", new StandardPasswordEncoder());

            return new DelegatingPasswordEncoder(encodingId, encoders);
        }

        private PasswordEncoderFactories() {}
    }
The commented-out part shows the password format that is required after upgrading to 2.0. If you do not want to change the passwords, specify a PasswordEncoder implementation explicitly. NoOpPasswordEncoder stores and compares passwords in plain text and is deprecated in Spring Security 5, so it only suits demos and tests.

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        /* auth.inMemoryAuthentication()
                .withUser("user").password("{noop}password").roles("USER")
                .and()
                .withUser("admin").password("{noop}password").roles("ADMIN")
                .and()
                .withUser("test").password("{noop}password").roles("ADMIN");*/
        auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("ADMIN")
                .and()
                .withUser("test").password("password").roles("ADMIN");
        auth.authenticationProvider(new UserSignAuthenticationProvider());
    }
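An added example, not code from the original post or the linked project: instead of pinning NoOpPasswordEncoder, the default DelegatingPasswordEncoder can be told to accept legacy values that carry no {id} prefix, and each account can be re-encoded as {bcrypt} on its next successful login. The class name, the in-memory map standing in for the user store, and the sample passwords are assumptions; it needs spring-security-crypto 5.x on the classpath, as in a Spring Boot 2 application.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (hypothetical class, not part of the linked project).
public class PasswordMigrationDemo {

    // Default {id}-based encoder that also accepts stored values with no {id} prefix.
    static PasswordEncoder migrationEncoder() {
        DelegatingPasswordEncoder encoder = (DelegatingPasswordEncoder)
                PasswordEncoderFactories.createDelegatingPasswordEncoder();
        // Assumption: pre-upgrade values are plain text, as in the configuration above.
        encoder.setDefaultPasswordEncoderForMatches(NoOpPasswordEncoder.getInstance());
        return encoder;
    }

    // Checks a login; on success rewrites any non-bcrypt stored value as {bcrypt}...
    static boolean loginAndUpgrade(Map<String, String> store, String user,
                                   String raw, PasswordEncoder encoder) {
        String stored = store.get(user);
        if (stored == null || !encoder.matches(raw, stored)) {
            return false; // unknown user or wrong password: the store is left untouched
        }
        if (!stored.startsWith("{bcrypt}")) {
            store.put(user, encoder.encode(raw)); // encode() uses the "bcrypt" mapping
        }
        return true;
    }

    public static void main(String[] args) {
        Map<String, String> store = new LinkedHashMap<>(); // constructed sample data
        store.put("user", "password");         // 1.5.x style, no prefix
        store.put("admin", "{noop}password");  // 2.0 style with an explicit id
        try { // the stock encoder rejects the unprefixed value with an exception
            PasswordEncoderFactories.createDelegatingPasswordEncoder()
                    .matches("password", store.get("user"));
        } catch (IllegalArgumentException e) {
            System.out.println("stock encoder: " + e.getMessage());
        }
        PasswordEncoder encoder = migrationEncoder();
        System.out.println(loginAndUpgrade(store, "user", "wrong", encoder));
        System.out.println(loginAndUpgrade(store, "user", "password", encoder));
        System.out.println(loginAndUpgrade(store, "admin", "password", encoder));
        store.forEach((u, p) -> System.out.println(u + " -> " + p.substring(0, 8)));
    }
}
```

Once every account has logged in or been reset, the fallback set with setDefaultPasswordEncoderForMatches can be dropped so that unprefixed values are rejected again.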
4. The spring-security-oauth and spring-session dependency versions have to be specified explicitly. Spring Boot 2 may not have finished testing against these two components yet.

    <spring-security-jwt.version>1.0.9.RELEASE</spring-security-jwt.version>
    <spring-security-oauth.version>2.2.1.RELEASE</spring-security-oauth.version>
    <spring-session.version>1.3.1.RELEASE</spring-session.version>
Spring Boot 2.0 branch: https://gitee.com/json20080301/spring-boot-spring-security-thymeleaf/tree/master/
The original 1.5.10 version is on another branch: https://gitee.com/json20080301/spring-boot-spring-security-thymeleaf/tree/1.5.10/