• SpringSecurity项目中如何在多个模块中配置认证信息

    ⒈在SpringSecurity项目中创建AuthorizeConfigProvider接口用于配置认证信息

    1 package cn.coreqi.ssoserver.authorize;
2 
3 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
4 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
5 
6 public interface AuthorizeConfigProvider {
7     void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config);
8 }

    ⒉我们实现此接口

     1 package cn.coreqi.ssoserver.authorize.impl;
 2 
 3 import cn.coreqi.ssoserver.authorize.AuthorizeConfigProvider;
 4 import org.springframework.http.HttpMethod;
 5 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 6 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 7 import org.springframework.stereotype.Component;
 8 
 9 @Component
10 public class CoreqiAuthorizeConfigProvider implements AuthorizeConfigProvider {
11     @Override
12     public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
13           config.antMatchers("/oauth/*","/login/*").permitAll()
14                 .antMatchers(HttpMethod.GET,"/auth/*").hasRole("admin")
15                 .anyRequest().authenticated();  //任何请求都需要身份认证
16     }
17 }

    ⒊在SpringSecurity项目中创建AuthorizeConfigManager接口用于调用系统中所有的配置信息

    1 package cn.coreqi.ssoserver.authorize;
2 
3 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
4 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
5 
6 public interface AuthorizeConfigManager {
7     void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config);
8 }

    ⒋我们实现此接口

     1 package cn.coreqi.ssoserver.authorize.impl;
 2 
 3 import cn.coreqi.ssoserver.authorize.AuthorizeConfigManager;
 4 import cn.coreqi.ssoserver.authorize.AuthorizeConfigProvider;
 5 import org.springframework.beans.factory.annotation.Autowired;
 6 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 7 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 8 import org.springframework.stereotype.Component;
 9 
10 import java.util.Set;
11 
12 @Component
13 public class CoreqiAuthorizeConfigManager implements AuthorizeConfigManager {
14     /**
15      * 将系统中所有的AuthorizeConfigProvider收集起来
16      */
17     @Autowired
18     private Set<AuthorizeConfigProvider> authorizeConfigProviders;
19     @Override
20     public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
21         for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders ){
22             authorizeConfigProvider.config(config);
23         }
24         config.anyRequest().authenticated();
25     }
26 }

    ⒌在SpringSecurity配置中进行如下配置

     1 @EnableWebSecurity
 2 public class SsoWebSecurityConfig extends WebSecurityConfigurerAdapter {
 3 
 4     @Autowired
 5     private AuthorizeConfigManager authorizeConfigManager;
 6     @Override
 7     protected void configure(HttpSecurity http) throws Exception {
 8         http.formLogin()
 9                 .and()
10                 .csrf().disable();    //禁用CSRF
11 
12         authorizeConfigManager.config(http.authorizeRequests());
13     }
14 }
  • 相关阅读:
    [WCF安全系列]从两种安全模式谈起
    为自定义配置的编辑提供”智能感知”的支持
    在Entity Framework中使用存储过程(二):具有继承关系实体的存储过程如何定义?
    [WCF安全系列]实例演示:TLS/SSL在WCF中的应用[HTTPS]
    [WCF安全系列]谈谈WCF的客户端认证[Windows认证]
    在Entity Framework中使用存储过程(三):逻辑删除的实现与自增长列值返回
    [转] Leaving patterns & practices
    两个简单的扩展方法:TrimPrefix和TrimSuffix
    Oracle 系统表
    让IoC动态解析自定义配置(提供基于Unity的实现)
  • 原文地址:https://www.cnblogs.com/fanqisoft/p/10685901.html
Copyright © 2020-2023  润新知