英文:
How @Bean is used in a class without @Configuration when configuring Spring Security in a Spring Boot app?
问题
我正在学习在Spring Boot应用程序中使用Spring Security。我知道你只需要在@Configuration类中使用@Bean。但是我看到了这个配置Spring Security的例子,@Bean被用在一个没有@Configuration的类中。这是怎么可能的呢?谢谢!
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService myUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().antMatchers("/authenticate").permitAll()
.anyRequest().authenticated();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
英文:
I'm learning about Spring Security in a Spring Boot app. I know that you need to use @Bean only in a @Configuration class. But I see this example for configuration Spring Security and the @Bean is used in a class without @Configuration. How is this possible? Thank you!
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService myUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().antMatchers("/authenticate").permitAll()
.anyRequest().authenticated();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
答案1
得分: 3
在这种情况下,请查阅文档,这里是@Bean文档,您可以看到在@Configuration
类中不是强制使用@Bean
:
> 也可以在未使用 @Configuration 注解的类中声明 @Bean 方法。例如,bean 方法可以在 @Component 类中声明,甚至可以在普通的旧类中声明。
如果您还查看@EnableWebSecurity
文档,您会发现它包含了@Configuration
。
编辑:提示
对于一个Spring Boot应用程序,当我们使用@EnableWebSecurity
时,我们会禁用安全自动配置,所以最好的做法是像这样简单地进行配置:
@Configuration
// @Order(...) 我们可以设置过滤器链的顺序
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
// 在此处进行配置
}
在这种情况下,我们保留了Spring Boot提供的配置 + 我们自己的配置。
英文:
When you are in a such case, take a look at the documentation, here @Bean documentation you can see that it is not mandatory to use @Bean
in a @Configuration
class:
> @Bean methods may also be declared within classes that are not annotated with @Configuration. For example, bean methods may be declared in a @Component class or even in a plain old class.
If you also take a look at @EnableWebSecurity
doc you can see that it includes @Configuration
.
EDIT: Hints
For a Spring Boot application, when we use @EnableWebSecurity
we disable security auto-configuration, so it's preferable to simply doing something like this:
@Configuration
// @Order(...) we can set the order of the filter chain
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
// configuration here
}
In this case we keep the configuration provided by Spring Boot + our own configurations.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论