Fatal编程技术网
  • java/
  • springxml到JAVA配置

springxml到JAVA配置

java spring spring-mvc

springxml到JAVA配置,java,spring,spring-mvc,Java,Spring,Spring Mvc,}是否必须在各种AntMatcher之间添加.and()?另外,您正在使用两个http.*调用,我认为可以用一个来完成。请参阅下面的代码 <bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/> <security:http use-expressions="false" entry-point-ref="loginEntryPo

}

是否必须在各种AntMatcher之间添加.and()?另外,您正在使用两个http.*调用,我认为可以用一个来完成。请参阅下面的代码

<bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>

<security:http use-expressions="false" entry-point-ref="loginEntryPoint">
    <security:custom-filter ref="customFormLoginFilter" position="FORM_LOGIN_FILTER"/>      
    <security:logout logout-url="/logout" logout-success-url="/login?logout=true"/>

    <security:intercept-url pattern="/appointments/*" access="ROLE_USER"/>
    <security:intercept-url pattern="/schedule/*" access="ROLE_FOO"/>
    <security:intercept-url pattern="/**" access="ROLE_ANONYMOUS, ROLE_USER"/>
</security:http>

<bean id="customFormLoginFilter" class="com.fetn.security.CustomAuthenticationFilter">
    <property name="filterProcessesUrl" value="/login"/>
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="usernameParameter" value="custom_username"/> 
    <property name="passwordParameter" value="custom_password"/> 
    <property name="authenticationSuccessHandler"> 
        <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> 
            <property name="defaultTargetUrl" value="/"/> 
        </bean> 
    </property> 
    <property name="authenticationFailureHandler"> 
        <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> 
            <property name="defaultFailureUrl" value="/login/failure?error=true"/>
        </bean> 
    </property> 
</bean>

<bean id="loginEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <constructor-arg value="/login"/>
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="customAuthenticationProvider"/>
</security:authentication-manager>

@Configuration
 @EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Autowired
private AutoUserRepository autoUserRepository;

@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {


        auth.authenticationProvider(customAuthenticationProvider);

    }



@Override
protected void configure(HttpSecurity http) throws Exception {





     http.authorizeRequests()

        .antMatchers("/appointments/*").access("hasRole('USER')").

        antMatchers("/schedule/*").access("hasRole('ADMIN')").and().exceptionHandling().authenticationEntryPoint(loginEntryPoint()).and().addFilterBefore(customFormLoginFilter(), UsernamePasswordAuthenticationFilter.class);

        http.logout().logoutUrl("/logout")
        .logoutSuccessUrl("/login?logout=true");





}


@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/resources/**");
}



@Bean
 public DefaultWebSecurityExpressionHandler  defaultWebSecurityExpressionHandler(){

     return new DefaultWebSecurityExpressionHandler();
 }



    @Bean
    public LoginUrlAuthenticationEntryPoint loginEntryPoint(){

        LoginUrlAuthenticationEntryPoint ent=new LoginUrlAuthenticationEntryPoint("/login");

        return ent;


    }


    @Bean
    public CustomAuthenticationFilter customFormLoginFilter() throws Exception{

        CustomAuthenticationFilter filter=new CustomAuthenticationFilter();

        //setting up super class property AbstractAuthenticationProcessingFilter
        filter.setFilterProcessesUrl("/login");//login url
        filter.setAuthenticationManager(authenticationManagerBean());
        filter.setUsernameParameter("custom_username");
        filter.setPasswordParameter("custom_username");
        filter.setAuthenticationSuccessHandler(savedRequestAwareAuthenticationSuccessHandler());
        filter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler());


        return filter;

    }



    @Bean
    public SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler(){

        SavedRequestAwareAuthenticationSuccessHandler surl=new SavedRequestAwareAuthenticationSuccessHandler();
        surl.setDefaultTargetUrl("/");//url after seuuces login

        return surl;
    }

    @Bean
    SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler(){
        SimpleUrlAuthenticationFailureHandler faillure=new SimpleUrlAuthenticationFailureHandler();
        faillure.setDefaultFailureUrl("/login/failure?error=true");


        return  faillure;

    }


    @Bean
       @Override
       public AuthenticationManager authenticationManagerBean() throws Exception {
           return super.authenticationManagerBean();
       }

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}