Spring Security protected void configure(HttpSecurity http) Please explain the proper use of " and() ". What does it mean?

huangapple
go评论105阅读模式
英文:

Spring Security protected void configure(HttpSecurity http) Please explain the proper use of " and() ". What does it mean?

问题

I have lots and lots of examples from many search results in this platform and others, but I can't find an explanation of the "and()" . Obviously some kind of delimiter. Possibly doing the logical AND (&&) but maybe not.

我有许多来自这个平台和其他地方的搜索结果示例,但我找不到关于 "and()" 的解释。显然是某种分隔符。可能执行逻辑 AND(&&),但也可能不是。

I want to understand proper usage and what it does...what it means.

我想了解它的正确用法以及它是做什么的...它的含义是什么。

I hope this question is salient and the answers useful for others

我希望这个问题对其他人有用。

Reference: https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html#configure-org.springframework.security.config.annotation.web.builders.HttpSecurity-

Then inside of that document:

然后在该文档的内部:

protected void configure(HttpSecurity http)
throws java.lang.Exception

Override this method to configure the HttpSecurity. Typically subclasses should not invoke this method by calling super as it may override their configuration. The default configuration is:

覆盖此方法以配置 HttpSecurity。通常子类不应通过调用 super 来调用此方法,因为它可能会覆盖它们的配置。默认配置是:

http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic();

英文:

I have lots and lots of examples from many search results in this platform and others, but I can't find an explanation of the " and() ". Obviously some kind of delimiter. Possibly doing the logical AND (&&) but maybe not.

I want to understand proper usage and what it does...what it means.

I hope this question is salient and the answers useful for others

Reference: https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html#configure-org.springframework.security.config.annotation.web.builders.HttpSecurity-

Then inside of that document:

protected void configure(HttpSecurity http)
                  throws java.lang.Exception

Override this method to configure the HttpSecurity. Typically subclasses should not invoke this method by calling super as it may override their configuration. The default configuration is:

http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic();

答案1

得分: 2

Here is the translated content:

  • 让我们看下面的示例。两者是等价的。
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated();

    http.formLogin()
            .loginPage("/login")
            .permitAll();

    http.logout()
            .permitAll();
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}

  • 实际上,在这个示例中,我们正在配置不同的配置器,如ExpressionUrlAuthorizationConfigurerFormLoginConfigurerLogoutConfigurer。尽管在第一个示例中它们被分别配置,但它们会一起应用。因此,在这里,AND起到了逻辑上的“与”的作用。

  • 现在请注意,例如,.anyRequest().authenticated()的返回类型是ExpressionInterceptUrlRegistry,但formLogin()方法只存在于HttpSecurity类型的对象中,所以在构建器模式中,and()起到了切换返回类型的第二个作用,也就是一旦你调用了anyRequest().authenticated().and(),返回类型就变成了HttpSecurity,所以现在可以开始调用formLogin()

  • 看到IntelliJ在各个点显示的返回类型。

英文:
  • Lets take the following example. Both are equivalent.
    @Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
				.antMatchers("/", "/home").permitAll()
				.anyRequest().authenticated();

		http.formLogin()
				.loginPage("/login")
				.permitAll();

		http.logout()
				.permitAll();
	}

     protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()
				.antMatchers("/", "/home").permitAll()
				.anyRequest().authenticated()
				.and()
			.formLogin()
				.loginPage("/login")
				.permitAll()
				.and()
			.logout()
				.permitAll();
	}

  • Actually we are configuring different configurers here like ExpressionUrlAuthorizationConfigurer, FormLoginConfigurer and LogoutConfigurer in this example. Even though, they are configured separately in the first one, they are all applied together. So here AND plays the logical AND role.

  • Now notice, for example, return type of.anyRequest().authenticated() is ExpressionInterceptUrlRegistry, but the method formLogin() is only present in object of type HttpSecurity, so in builder pattern and() plays the second role of switching return type, i.e as soon as you call, anyRequest().authenticated().and(), the return type is HttpSecurity so now it allows you start formLogin()

  • See the Intellij showing the return types at various points.

    Spring Security protected void configure(HttpSecurity http) Please explain the proper use of " and() ". What does it mean?

huangapple
  • 本文由 发表于 2020年7月31日 21:55:07
  • 转载请务必保留本文链接:https://go.coder-hub.com/63193202.html
  • java
  • spring
  • spring-security
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定