Java代码中FilterSecurityInterceptor的Set属性
我想像这样使用Spring在我的Java代码中FilterSecurityInterceptor的Set属性,java,spring,spring-security,Java,Spring,Spring Security,我想像这样使用Spring在我的AbstractSecurityInterceptor中设置alwaysReauthenticate <bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <property name="alwaysReauthenticate" value="tru
AbstractSecurityInterceptor
中设置alwaysReauthenticate
<bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="alwaysReauthenticate" value="true"/>
...
</bean>
...
但我不想为此使用XML文件。我想在Java代码中设置该属性,可能是
@Configuration
查看下面的JavaConfig,了解如何设置该属性,您也可以这样做
@配置
@启用Web安全性
公共类WebSecurityConfig扩展了WebSecurityConfigureAdapter{
//..
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
http
.授权请求()
.antMatchers(“/**”).permitAll()
.anyRequest().authenticated()
.withObjectPostProcessor(新的ObjectPostProcessor(){
公共O后处理(O fsi){
fsi.setAlwaysReseAuthenticate(真);
返回fsi;
}
}).和();//从这里开始继续
}
//..
}
ExpressionUrlAuthorizationConfigurer.expressionIntercepturlRegistry类型的authenticated()方法未定义。您是在编译时还是在运行时?在编译时获得该方法
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//..
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**").permitAll()
.anyRequest().authenticated()
.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
public <O extends FilterSecurityInterceptor> O postProcess(O fsi) {
fsi.setAlwaysReauthenticate(true);
return fsi;
}
}).and(); //continue from here on
}
//..
}