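Problem with the new version of Security

Security's WebSecurityConfigurerAdapter has been deprecated, so how do I configure things to obtain the authentication bean?

Anyone who has used WebSecurityConfigurerAdapter knows how important it is to Spring Security: it governs Spring Security's whole configuration system. But this class is about to be retired. You read that right: this class will be marked @Deprecated in version 5.7, and it will be removed.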


@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    return http
            .antMatcher("/**")
            .authorizeRequests(authorize -> authorize
                    .anyRequest().authenticated()
            )
            .build();
}

https://blog.csdn.net/qq_39652397/article/details/123070913

Security's WebSecurityConfigurerAdapter has been deprecated, but it can still be used for compatibility.

New approach

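import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;

@Configuration
public class SecurityConfiguration {

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        // For demonstration only
        return (web) -> web.ignoring().antMatchers("/ignore1", "/ignore2");
    }

}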


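I took a look using 5.7.1; the usage is as follows:
1. Write a configuration class and add the @EnableWebSecurity annotation.
2. Configuration is now organized per SecurityFilterChain, meaning each HTTP-related bean method returns a SecurityFilterChain.
The usage is much the same as before. The code is as follows: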

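import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@EnableWebSecurity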
public class TestConfig {

    // User information
    // (User.withDefaultPasswordEncoder() is deprecated and only suitable for demos)
    @Bean
    public UserDetailsService userDetailsService() throws Exception {
        User.UserBuilder users = User.withDefaultPasswordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(users.username("user").password("password").roles("USER").build());
        manager.createUser(users.username("admin").password("password").roles("USER","ADMIN").build());
        return manager;
    }

    // Request handling: this chain only applies to /api/** and is evaluated first
    @Bean
    @Order(1)
    public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
        http
                .antMatcher("/api/**")
                .authorizeHttpRequests(authorize -> authorize
                        .anyRequest().hasRole("ADMIN")
                )
                .httpBasic();
        return http.build();
    }

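    // Login handling: catch-all chain for every request not matched above
    @Bean
    public SecurityFilterChain formLoginFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests(authorize -> authorize
                        .anyRequest().authenticated()
                )
                .formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login")
                // Without permitAll() the custom login page itself requires
                // authentication, which causes a redirect loop
                .permitAll();
        return http.build();
    }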
}
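
As an added example (not from any of the answers above), one way to obtain the AuthenticationManager bean the question asks about, without WebSecurityConfigurerAdapter, is to take it from AuthenticationConfiguration. The class names AuthManagerConfig and LoginService and the sample user are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.stereotype.Service;

@Configuration
public class AuthManagerConfig { // hypothetical class name
    // Takes the place of overriding authenticationManagerBean() in the adapter.
    // The manager is built from the UserDetailsService and PasswordEncoder beans.
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    // Constructed sample user; the password is stored hashed, never in plain text
    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        return new InMemoryUserDetailsManager(
                User.withUsername("user").password(encoder.encode("password")).roles("USER").build());
    }
}

// Hypothetical consumer, e.g. behind a custom login endpoint
@Service
class LoginService {
    private final AuthenticationManager authenticationManager;
    LoginService(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    // Throws AuthenticationException (unchecked) on bad credentials
    Authentication login(String username, String password) {
        return authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, password));
    }
}
```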