Java 可以拆分spring的SecurityConfig吗?
我有一个与Java 可以拆分spring的SecurityConfig吗?,java,spring,spring-mvc,spring-boot,gradle,Java,Spring,Spring Mvc,Spring Boot,Gradle,我有一个与childA和childB合作的项目 我想配置childA中的childA控制器和childB中的childB控制器的安全性 到目前为止,我有以下SecurityConfig: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter {
childA
和childB
合作的项目
我想配置childA
中的childA
控制器和childB
中的childB
控制器的安全性
到目前为止,我有以下SecurityConfig
:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CookieProperties cookieProperties;
@Autowired
private LdapUserDetailsManager userDetailsService;
@Autowired
private AuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private AuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private AuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Autowired
private LogoutSuccessHandler logoutSuccessHandler;
@Autowired
private LdapProperties ldapProperties;
@Autowired
private Environment environment;
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public LdapDaoAuthenticationProvider ldapDaoAuthenticationProvider(LdapProperties ldapProperties) {
LdapDaoAuthenticationProvider provider = new LdapDaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService);
provider.setLdapProperties(ldapProperties);
provider.setPasswordEncoder(passwordEncoder());
return provider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapDaoAuthenticationProvider(ldapProperties));
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.requestMatcher(
// how to move this in another file ?
new OrRequestMatcher(
new AntPathRequestMatcher(ChildAHttpPathStore.PATH_SOMETHING),
new AntPathRequestMatcher(ChildBHttpPathStore.PATH_SOMETHING),
)
)
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.NEVER)
.and()
.csrf()
.csrfTokenRepository(corsCookieCsrfTokenRepository())
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, CoreHttpPathStore.PING).permitAll()
.anyRequest().hasAnyAuthority(
UserManagement.ROLE_AUTH_SERVICE
)
.and()
.exceptionHandling()
.accessDeniedHandler(accessDeniedHandler)
.authenticationEntryPoint(authenticationEntryPoint)
.and()
.formLogin()
.loginProcessingUrl(CoreHttpPathStore.LOGIN)
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.permitAll()
.and()
.logout()
.logoutUrl(CoreHttpPathStore.LOGOUT)
.logoutSuccessUrl(CoreHttpPathStore.LOGIN_FROM_LOGOUT)
.logoutSuccessHandler(logoutSuccessHandler)
.permitAll()
.and()
.headers().cacheControl().disable();
}
@Bean(name = "userPasswordEncoder")
public LdapShaPasswordEncoder passwordEncoder() {
return new LdapShaPasswordEncoder();
}
@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
if (null != cookieProperties.getName()) { serializer.setCookieName(cookieProperties.getName()); }
if (null != cookieProperties.getPath()) { serializer.setCookiePath(cookieProperties.getPath()); }
if (null != cookieProperties.getHttpOnly()) { serializer.setUseHttpOnlyCookie(cookieProperties.getHttpOnly()); }
if (null != cookieProperties.getMaxAge()) { serializer.setCookieMaxAge(cookieProperties.getMaxAge()); }
if (null != cookieProperties.getSecure()) { serializer.setUseSecureCookie(cookieProperties.getSecure()); }
if (null != cookieProperties.getDomain()) { serializer.setDomainName(cookieProperties.getDomain()); }
return serializer;
}
@Bean
public CorsCookieCsrfTokenRepository corsCookieCsrfTokenRepository(){
CorsCookieCsrfTokenRepository repository = new CorsCookieCsrfTokenRepository();
repository.setCookieHttpOnly(false);
repository.setHeaderName("X-XSRF-TOKEN");
repository.setCookiePath(cookieProperties.getPath());
repository.setCookieDomain(cookieProperties.getDomain());
repository.setCookieName("XSRF-TOKEN");
return repository;
}
}
是否可以拆分此配置 如果您需要编写多个HttpSecurity,最简单的方法是创建一个通用配置,其中包含一些用于配置HttpSecurity的内部@configuration类
@EnableWebSecurity
public class MultiHttpSecurityConfig {
@Bean
public UserDetailsService userDetailsService() throws Exception {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("user").password("password").roles("USER").build());
manager.createUser(User.withUsername("admin").password("password").roles("USER","ADMIN").build());
return manager;
}
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
}
}
@Configuration
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin();
}
}
}
您可以在需要的地方分离并使用@import导入。我是否只需使用http.requestMatcher(/mypath)编写configure方法,它就能工作?之后的链呢?我使用两个不同的项目,所以这个类需要在两个不同的文件中。你看起来像这样吗?这太复杂了。我只希望能够在每个包中声明匹配项,而不是将所有匹配项(使用antMatcher配置)存储在一个文件中。