`httpBasic()`和`authorizeRequest()`之间的区别。

huangapple go评论98阅读模式
英文:

Difference between httpBasic() and authorizeRequest()

问题

好的,我正在学习Spring Security,我遇到了一些包含类似下面配置的私有代码。

httpSecurity.authorizeRequests().anyRequest().permitAll();

现在,我在查看httpsecurity方法的Javadoc时,看到了httpBasic()

httpSecurity.httpBasic();

这两行代码的输出是相同的。所以,有人可以帮我理解它们之间的区别吗?

英文:

Okay, I am learning spring security and I came across some private code which has something like below configured.
httpSecurity.authorizeRequests().anyRequest().permitAll();

Now, i was seeing javadocs of httpsecurity methods and came across httpBasic()

httpSecurity.httpBasic();

Output of both these lines are same. So, can some one help me understand the difference?

答案1

得分: 1

authorizeRequest()
------------------

`authorizeRequest()` 用于基于 HttpServletRequest 使用 RequestMatcher 实现(例如通过 URL 模式)来限制访问。

示例配置:

最基本的示例是将所有 URL 配置为需要 "ROLE_USER" 角色。以下配置要求对每个 URL 进行身份验证,并将访问权限授予 "admin" 和 "user" 用户。

protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorizeRequests ->
authorizeRequests
.antMatchers("/**").hasRole("USER")
)
.formLogin(withDefaults());
}


 httpBasic() 
----------
配置 HTTP 基本认证。HTTP 基本认证实现是强制访问控制 web 资源的最简单技术,因为它不需要 cookies、会话标识符或登录页面。默认域是 "Spring Security Application"。

示例配置:

以下示例演示了如何为应用程序配置 HTTP 基本认证。

@Configuration
@EnableWebSecurity
public class HttpBasicSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/**").hasRole("USER").and().httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
    }

}

英文:

authorizeRequest()

authorizeRequest() used for restricting access based upon the HttpServletRequest using RequestMatcher implementations (i.e. via URL patterns).

Example Configurations:

The most basic example is to configure all URLs to require the role "ROLE_USER". The configuration below requires authentication to every URL and will grant access to both the user "admin" and "user".

protected void configure(HttpSecurity http) throws Exception {
                http
                        .authorizeRequests(authorizeRequests ->
                                authorizeRequests
                                        .antMatchers("/**").hasRole("USER")
                        )
                        .formLogin(withDefaults());
        }

httpBasic()

Configures HTTP Basic authentication. HTTP Basic authentication implementation is the simplest technique for enforcing access controls to web resources because it does not require cookies, session identifiers, or login pages. The default realm is "Spring Security Application".

Example Configurations

The example below demonstrates how to configure HTTP Basic authentication for an application.

@Configuration
 @EnableWebSecurity
 public class HttpBasicSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers("/**").hasRole("USER").and().httpBasic();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
        }
 }

huangapple
  • 本文由 发表于 2020年4月9日 22:29:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/61123520.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定