考虑切换到’HttpSecurity’ Lambda DSL语法。

huangapple go评论92阅读模式
英文:

Spring Boot Consider switching to 'HttpSecurity' Lambda DSL syntax

问题

以下是您提供的代码的翻译部分:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfiguration {

  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.csrf().disable();

    http.httpBasic().authenticationEntryPoint(new AuthEntryPoint());
		
    http.authorizeHttpRequests()
			.requestMatchers(HttpMethod.POST, "/api/1.0/auth").authenticated()
			.and()
			.authorizeHttpRequests().anyRequest().permitAll();

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    return http.build();
  }

  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }
}

请注意,我已经去掉了代码中的翻译部分,只保留了原始的Java代码。如果您有任何其他问题或需要进一步的帮助,请随时提问。

英文:

My code is here. new AuthEntryPoint() code error to Consider switching to 'HttpSecurity' Lambda DSL syntax. How can i solved. pls help me

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
 
@Configuration
@EnableWebSecurity
public class SecurityConfiguration {
 
  @Bean
  public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    http.csrf().disable();
 
    http.httpBasic().authenticationEntryPoint(new AuthEntryPoint());
		
    http.authorizeHttpRequests()
			.requestMatchers(HttpMethod.POST, "/api/1.0/auth").authenticated()
			.and()
			.authorizeHttpRequests().anyRequest().permitAll();
 
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
 
    return http.build();
  }
 
  @Bean
  public PasswordEncoder passwordEncoder() {
    return new BCryptPasswordEncoder();
  }
}



i try google bard and chatgbt 考虑切换到’HttpSecurity’ Lambda DSL语法。

答案1

得分: 1

请将上面的代码重写为以下类似的形式,不需要使用.and()

http
    .cors(cors -> cors.disable())
    .csrf(csrf -> csrf.disable())
    .authorizeHttpRequests(authorizeRequests -> 
        authorizeRequests
            .antMatchers("/admins-only/**").hasAuthority(ADMIN)
            .antMatchers(HttpMethod.GET, "/**").permitAll()
            .anyRequest().authenticated()
    );

同样,您可以尝试不同的配置选项。

如果您特别需要为authEntryPoint

http
    .httpBasic(withDefaults())
    .authenticationEntryPoint(AuthEntryPoint::new);
英文:

Rewrite the above code similar to this and there will be no need of .and()

http.cors(cors -> cors.disable()).csrf(csrf -> csrf.disable())
        .authorizeHttpRequests(authorizeRequests -> 
             authorizeRequests.antMatchers("/admins-only/**").hasAuthority(ADMIN)
                .antMatchers(HttpMethod.GET, "/**").permitAll()
                .anyRequest()
                .authenticated());

Similarly, you can try for the different configurations you already have.

If you want specifically for authEntryPoint

http.httpBasic(withDefaults()).authenticationEntryPoint(AuthEntryPoint::new)

答案2

得分: 1

你的配置风格仍然有效且受支持。这是来自你的IDE的警告,而不是错误消息。添加Lambda表达式已经包含在Spring Security 5.2版本中,旨在提供更多灵活性,但它们的使用是可选的。

正如在文档中所述:

> Lambda DSL是为实现以下目标而创建的:
>
> - 自动缩进使配置更具可读性。
> - 无需使用 .and() 链接配置选项。
> - Spring Security DSL具有类似于其他Spring DSL(如Spring Integration和Spring Cloud Gateway)的配置风格。

查看Spring Blog中的文章 Spring Security - Lambda DSL 以获取更多信息。

英文:

your configuration style is still valid and supported. This is a warning from your IDE, not an error message. Adding lambdas was included in Spring Security 5.2 release and is intended to provide more flexibility, but their usage is optional.

As in the documentation:

> The Lambda DSL was created to accomplish to following goals:
>
> - Automatic indentation makes the configuration more readable.
> - The is no need to chain configuration options using .and().
> - The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.

Check the article Spring Security - Lambda DSL in Spring Blog for more information.

huangapple
  • 本文由 发表于 2023年6月5日 01:07:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/76401519.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定