Java Spring安全配置Kotlin DSL
因此,我的configurer适配器中包含以下java代码:Java Spring安全配置Kotlin DSL,java,spring-boot,kotlin,spring-security,Java,Spring Boot,Kotlin,Spring Security,因此,我的configurer适配器中包含以下java代码: http.cors().and().csrf().disable() .authorizeRequests().antMatchers(HttpMethod.POST, Constants.CREATE_USER_URL).permitAll() .and().authorizeRequests().antMatchers(HttpMethod.GET, "/v2/api-docs", "
http.cors().and().csrf().disable()
.authorizeRequests().antMatchers(HttpMethod.POST, Constants.CREATE_USER_URL).permitAll()
.and().authorizeRequests().antMatchers(HttpMethod.GET, "/v2/api-docs", "/swagger-resources/**", "/swagger-ui/**", "/swagger-ui.html**", "/webjars/**", "favicon.ico").permitAll().anyRequest().authenticated()
.and().addFilter(new JwtAuthenticationFilter(authenticationManager())).addFilter(new BasicJwtAuthenticationFilter(authenticationManager()))
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
我尝试使用新的Kotlin DSL:
http {
cors { disable() }
csrf { disable() }
authorizeRequests {
authorize(AntPathRequestMatcher(createUserUrl, HttpMethod.POST.name), permitAll)
authorize(AntPathRequestMatcher("favicon.ico", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/v2/api-docs", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-resources/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/swagger-ui/**", HttpMethod.GET.name), permitAll)
authorize(AntPathRequestMatcher("/webjars/**", HttpMethod.GET.name), permitAll)
authorize(anyRequest, authenticated)
}
addFilterAt(JwtAuthenticationFilter(authenticationManager()), AuthenticationFilter::class.java)
addFilterAt(BasicJwtAuthenticationFilter(authenticationManager()), BasicAuthenticationFilter::class.java)
sessionManagement { SessionCreationPolicy.STATELESS }
}
这个kotlin dsl是否与java代码具有相同的功能?kotlin dsl是否没有addFilter
我是否可以减少冗余
授权
(在Java代码上,它使用了接受多种模式的AntMatcher)具有类似代码(permitAll HTTP GET
)?您的Kotlin配置与您共享的Java配置不同
首先,CORS配置
http
.cors()
.及()
// ...
下面是等效的Kotlin配置,因为您正在启用CORS而不是禁用它
http{
cors{}
}
第二,会话管理配置
http
// ...
.sessionManagement().sessionCreationPolicy(sessionCreationPolicy.STATELESS);
下面是等效的Kotlin配置,您希望在其中分配SessionCreationPolicy
http {
sessionManagement {
sessionCreationPolicy = SessionCreationPolicy.STATELESS
}
}
关于addFilter
方法,它在Javadoc中声明
添加必须是安全框架中提供的某个筛选器的实例或扩展该筛选器的筛选器
如果自定义过滤器BasicJwtAuthenticationFilter
是BasicAuthenticationFilter
的实例,则Kotlin配置正确
将所有这些加在一起,您将得到以下Kotlin配置
http{
cors{}
csrf{disable()}
批准请求{
授权(AntPathRequestMatcher(createUserUrl,HttpMethod.POST.name),permitAll)
授权(AntPathRequestMatcher(“favicon.ico”、HttpMethod.GET.name)、permitAll)
授权(AntPathRequestMatcher(“/v2/api文档”,HttpMethod.GET.name),permitAll)
授权(AntPathRequestMatcher(“/swagger resources/**”,HttpMethod.GET.name),permitAll)
授权(AntPathRequestMatcher(“/swagger ui/**”,HttpMethod.GET.name),permitAll)
授权(AntPathRequestMatcher(“/webjars/**”,HttpMethod.GET.name),permitAll)
授权(任何请求,已验证)
}
addFilterAt(JwtAuthenticationFilter(authenticationManager()),AuthenticationFilter::class.java)
addFilterAt(BasicJwtAuthenticationFilter(authenticationManager()),BasicAuthenticationFilter::class.java)
会话管理{
sessionCreationPolicy=sessionCreationPolicy.STATELESS
}
}
另一个选项是使用授权(EndpointRequest.to(“/a”、“/b”、“/c”),permitAll)
,尽管我不认为您可以指定允许使用哪个确切的HTTP方法,所以它允许所有方法。@kdev我尝试在kotlin dsl内部使用for循环。这种方法有什么问题吗??它已编译,运行正常,但尚未正确测试。没有发现任何错误。您可以在dsl上创建扩展方法,并将其称为相同的authorize
,它接受:HTTP方法和vararg字符串端点作为参数,并在方法内部迭代和注册它们