我正在创建一个Spring Security配置,以供任何想要创建由Spring Security保护的Stormpath Spring应用程序的开发人员用作库.
对于我有子类WebSecurityConfigurerAdapter,定义了Stormpath访问控件configure(HttpSecurity)以及与Stormpath AuthenticationProvider借助于configure(AuthenticationManagerBuilder).所有这些都可以在这个抽象类及其具体的子类中看到:
@Order(99)
public abstract class AbstractStormpathWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
//Removed properties and beans for the sake of keeping focus on the important stuff
/**
* The pre-defined Stormpath access control settings are defined here.
*
* @param http the {@link HttpSecurity} to be modified
* @throws Exception if an error occurs
*/
protected void configure(HttpSecurity http, AuthenticationSuccessHandler successHandler, LogoutHandler logoutHandler)
throws Exception {
if (loginEnabled) {
http
.formLogin() …