AuthenticationManager when updating to Spring-security-3.2.0.RC2

Pet*_*iev 6 spring-security

I recently updated from RC1 to spring-security-3.2.0.RC2 and, following the blog post, removed the QUIESCENT_POST_PROCESSOR. Before that I used to create an AuthenticationManager bean like this:

@Bean(name = {"defaultAuthenticationManager", "authenticationManager"})
public AuthenticationManager defaultAuthenticationManager() throws Exception {
    return new AuthenticationManagerBuilder(null).userDetailsService(context.getBean(MyUserDetailsService.class)).passwordEncoder(new Md5PasswordEncoder()).and().build();
}

So I changed it to:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws BeansException, Exception {
    auth.userDetailsService(context.getBean(MyUserDetailsService.class)).passwordEncoder(new Md5PasswordEncoder());
}

But unfortunately I can no longer get hold of the AuthenticationManager. I also create the RememberMeAuthenticationFilter like this:

@Bean(name = { "defaultRememberMeAuthenticationFilter", "rememberMeAuthenticationFilter" })
protected RememberMeAuthenticationFilter defaultRememberMeAuthenticationFilter() throws Exception {
    return new RememberMeAuthenticationFilter(defaultAuthenticationManager(), context.getBean(DefaultRememberMeServices.class));
}

So you can see that I need to get hold of the AuthenticationManager, but I don't know how?

Rob*_*nch 15

You really shouldn't need to get hold of the AuthenticationManager. From the javadoc of HttpSecurity, the following should work just fine:

@Configuration
@EnableWebSecurity
public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
             .inMemoryAuthentication()
                  .withUser("user").password("password").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/**").hasRole("USER")
                .and()
            .formLogin()
                .permitAll()
                .and()
            // Example Remember Me Configuration
            .rememberMe();
    }
}

Of course, this will also work if you are using a global AuthenticationManager:

@Configuration
@EnableWebSecurity
public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
             .inMemoryAuthentication()
                  .withUser("user").password("password").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/**").hasRole("USER")
                .and()
            .formLogin()
                .permitAll()
                .and()
            // Example Remember Me Configuration
            .rememberMe();
    }
}

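The only difference is that the first example isolates the AuthenticationManager to the HttpSecurity, whereas the second example allows the AuthenticationManager to be used by global method security or by another HttpSecurity (WebSecurityConfigurerAdapter).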

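The reason this works is that .rememberMe() will automatically find the AuthenticationManager and the UserDetailsService and use them when creating the RememberMeAuthenticationFilter. It also creates the appropriate RememberMeServices, so there is no need to do that yourself. Of course, there are other options on .rememberMe() if you want to customize it, so refer to the RememberMeConfigurer javadoc for additional options.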

If you really need a reference to the AuthenticationManager instance, you can do the following:

@Configuration
@EnableWebSecurity
public class RememberMeSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private AuthenticationManagerBuilder auth;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth
             .inMemoryAuthentication()
                  .withUser("user").password("password").roles("USER");
    }

    // build() declares a checked Exception, so the bean method must propagate it
    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        return auth.build();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/**").hasRole("USER")
                .and()
            .formLogin()
                .permitAll()
                .and()
            // Example Remember Me Configuration
            .rememberMe();
    }
}

If you want to have multiple AuthenticationManager instances, you can do the following:

    @Autowired
    private ObjectPostProcessor<Object> opp;

    public AuthenticationManager authenticationManager()
            throws Exception {
        return new AuthenticationManagerBuilder(opp)
            .inMemoryAuthentication()
               .withUser("user").password("password").roles("USER").and()
            .and()
            .build();
    }

    public AuthenticationManager authenticationManager2()
            throws Exception {
        return new AuthenticationManagerBuilder(opp)
            .inMemoryAuthentication()
               .withUser("admin").password("password").roles("ADMIN").and()
            .and()
            .build();
    }

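Note that this is almost the same as what you had before, except that instead of using the QUIESCENT_POST_PROCESSOR you are using a real ObjectPostProcessor obtained with the @Autowired annotation.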

PS: Thanks for giving RC2 a try!
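
The following is an added example, not part of the question or the answer above: it applies the answer's approach to the question's own setup (a custom UserDetailsService plus remember-me), replaces the MD5 encoder with BCrypt, and sets the remember-me options explicitly. The class name, the `app.rememberme.key` property and the 7-day lifetime are assumptions made for illustration.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class CustomRememberMeSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the question's MyUserDetailsService is the only UserDetailsService bean.
    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private Environment env;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService)
                // BCrypt is salted and deliberately slow, unlike a bare MD5 digest.
                // Existing MD5 hashes will not verify against it and must be migrated.
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/**").hasRole("USER")
                .and()
            .formLogin()
                .permitAll()
                .and()
            .rememberMe()
                // Hypothetical property name: the key signs remember-me cookies, so
                // keep it out of source control; a fixed value keeps cookies valid
                // across restarts and across nodes.
                .key(env.getRequiredProperty("app.rememberme.key"))
                // Shorter lifetime limits how long a stolen cookie stays usable.
                .tokenValiditySeconds(7 * 24 * 60 * 60)
                .userDetailsService(userDetailsService);
    }
}
```

No RememberMeAuthenticationFilter or DefaultRememberMeServices bean is declared here, because `.rememberMe()` builds both from the shared AuthenticationManager as the answer describes.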