How @Bean is used in a class without @Configuration when configuring Spring Security in a Spring Boot app?

huangapple go评论96阅读模式
英文:

How @Bean is used in a class without @Configuration when configuring Spring Security in a Spring Boot app?

问题

我正在学习在Spring Boot应用程序中使用Spring Security。我知道你只需要在@Configuration类中使用@Bean。但是我看到了这个配置Spring Security的例子,@Bean被用在一个没有@Configuration的类中。这是怎么可能的呢?谢谢!

@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests().antMatchers("/authenticate").permitAll()
                .anyRequest().authenticated();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
英文:

I'm learning about Spring Security in a Spring Boot app. I know that you need to use @Bean only in a @Configuration class. But I see this example for configuration Spring Security and the @Bean is used in a class without @Configuration. How is this possible? Thank you!

@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService myUserDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(myUserDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests().antMatchers("/authenticate").permitAll()
                .anyRequest().authenticated();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
} 

答案1

得分: 3

在这种情况下,请查阅文档,这里是@Bean文档,您可以看到在@Configuration类中不是强制使用@Bean

> 也可以在未使用 @Configuration 注解的类中声明 @Bean 方法。例如,bean 方法可以在 @Component 类中声明,甚至可以在普通的旧类中声明。

如果您还查看@EnableWebSecurity 文档,您会发现它包含了@Configuration

编辑:提示

对于一个Spring Boot应用程序,当我们使用@EnableWebSecurity时,我们会禁用安全自动配置,所以最好的做法是像这样简单地进行配置:

@Configuration
// @Order(...)   我们可以设置过滤器链的顺序
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
      // 在此处进行配置
}

在这种情况下,我们保留了Spring Boot提供的配置 + 我们自己的配置。

英文:

When you are in a such case, take a look at the documentation, here @Bean documentation you can see that it is not mandatory to use @Bean in a @Configuration class:

> @Bean methods may also be declared within classes that are not annotated with @Configuration. For example, bean methods may be declared in a @Component class or even in a plain old class.

If you also take a look at @EnableWebSecurity doc you can see that it includes @Configuration.

EDIT: Hints

For a Spring Boot application, when we use @EnableWebSecurity we disable security auto-configuration, so it's preferable to simply doing something like this:

@Configuration
// @Order(...)   we can set the order of the filter chain
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
      // configuration here
}

In this case we keep the configuration provided by Spring Boot + our own configurations.

huangapple
  • 本文由 发表于 2020年10月21日 17:11:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/64460344.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定