HttpSecurity、WebSecurity 和 AuthenticationManagerBuilder

本文介绍了HttpSecurity、WebSecurity 和 AuthenticationManagerBuilder的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

谁能解释什么时候覆盖configure(HttpSecurity)、configure(WebSecurity) 和configure(AuthenticationManagerBuilder)?

Could anyone explain when to override configure(HttpSecurity), configure(WebSecurity) and configure(AuthenticationManagerBuilder)?

推荐答案

configure(AuthenticationManagerBuilder) 用于通过允许轻松添加 AuthenticationProviders 来建立身份验证机制:例如下面使用内置的用户"和管理员"登录定义了内存中的身份验证.

configure(AuthenticationManagerBuilder) is used to establish an authentication mechanism by allowing AuthenticationProviders to be added easily: e.g. The following defines the in-memory authentication with the in-built 'user' and 'admin' logins.

public void configure(AuthenticationManagerBuilder auth) {
    auth
        .inMemoryAuthentication()
        .withUser("user")
        .password("password")
        .roles("USER")
    .and()
        .withUser("admin")
        .password("password")
        .roles("ADMIN","USER");
}

configure(HttpSecurity) 允许基于选择匹配在资源级别配置基于 Web 的安全性 - 例如下面的示例将以/admin/开头的 URL 限制为具有 ADMIN 角色的用户，并声明任何其他 URL 都需要成功通过身份验证.

configure(HttpSecurity) allows configuration of web based security at a resource level, based on a selection match - e.g. The example below restricts the URLs that start with /admin/ to users that have ADMIN role, and declares that any other URLs need to be successfully authenticated.

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/admin/**").hasRole("ADMIN")
        .anyRequest().authenticated()
}

configure(WebSecurity) 用于影响全局安全性的配置设置(忽略资源、设置调试模式、通过实现自定义防火墙定义拒绝请求).例如，以下方法会导致任何以/resources/开头的请求在身份验证时被忽略.

configure(WebSecurity) is used for configuration settings that impact global security (ignore resources, set debug mode, reject requests by implementing a custom firewall definition). For example, the following method would cause any request that starts with /resources/ to be ignored for authentication purposes.

public void configure(WebSecurity web) throws Exception {
    web
        .ignoring()
        .antMatchers("/resources/**");
}

更多信息可以参考以下链接 Spring Security Java 配置预览:网络安全

You can refer to the following link for more information Spring Security Java Config Preview: Web Security

这篇关于HttpSecurity、WebSecurity 和 AuthenticationManagerBuilder的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！