本文介绍了HttpSecurity,WebSecurity和AuthenticationManagerBuilder的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有人可以解释何时覆盖 configure(HttpSecurity) configure(WebSecurity)配置(AuthenticationManagerBuilder)

Could anyone explain when to override configure(HttpSecurity), configure(WebSecurity) and configure(AuthenticationManagerBuilder)?

推荐答案

configure(AuthenticationManagerBuilder)用于通过允许轻松添加AuthenticationProviders来建立身份验证机制:例如下面使用内置的用户和管理员登录定义内存中身份验证。

configure(AuthenticationManagerBuilder) is used to establish an authentication mechanism by allowing AuthenticationProviders to be added easily: e.g. The following defines the in-memory authentication with the in-built 'user' and 'admin' logins.

public void configure(AuthenticationManagerBuilder auth) {
    auth
        .inMemoryAuthentication()
        .withUser("user")
        .password("password")
        .roles("USER")
    .and()
        .withUser("admin")
        .password("password")
        .roles("ADMIN","USER");
}

configure(HttpSecurity)允许配置基于Web的基于选择匹配的资源级别的安全性 - 例如下面的示例将以/ admin /开头的URL限制为具有ADMIN角色的用户,并声明需要成功验证任何其他URL。

configure(HttpSecurity) allows configuration of web based security at a resource level, based on a selection match - e.g. The example below restricts the URLs that start with /admin/ to users that have ADMIN role, and declares that any other URLs need to be successfully authenticated.

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .anyRequest().authenticated()
}

configure (WebSecurity)用于影响全局安全性的配置设置(忽略资源,设置调试模式,通过实现自定义防火墙定义来拒绝请求)。例如,以下方法将导致以/ resources /开头的任何请求被忽略以进行身份​​验证。

configure(WebSecurity) is used for configuration settings that impact global security (ignore resources, set debug mode, reject requests by implementing a custom firewall definition). For example, the following method would cause any request that starts with /resources/ to be ignored for authentication purposes.

public void configure(WebSecurity web) throws Exception {
    web
        .ignoring()
        .antMatchers("/resources/**");
}

您可以参考以下链接获取更多信息

You can refer to the following link for more information Spring Security Java Config Preview: Web Security

这篇关于HttpSecurity,WebSecurity和AuthenticationManagerBuilder的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-09 03:29