英文:
Adapting to Spring security 6
问题
由于迁移到Spring Security 6和WebSecurityConfigurerAdapter已弃用,我需要调整下面的安全配置,但不确定我是否走在正确的路上。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Inject
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**").permitAll()
.antMatchers("/v3/polls/**").authenticated()
.and()
.httpBasic()
.realmName("Quick Poll")
.and()
.csrf()
.disable();
}
}
我迄今为止尝试了以下代码,但不确定它是否正确:
@Configuration
public class SecurityConfig {
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
}
英文:
Due to a migration to Spring security 6 and the WebSecurityConfigurerAdapter deprecation I need to adapt the security conf below, buit not sure if I am going in the correct way.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Inject
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService)
.passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**").permitAll()
.antMatchers("/v3/polls/**").authenticated()
.and()
.httpBasic()
.realmName("Quick Poll")
.and()
.csrf()
.disable();
}
}
I tried so far this below but not sure it is correct:
@Configuration
public class SecurityConfig {
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
}
答案1
得分: 0
The remaining step is to replace WebSecurityConfigurerAdapter#configure with a SecurityFilterChain bean.
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeHttpRequests().requestMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**")
.permitAll().requestMatchers("/v3/polls/**").authenticated().and().httpBasic().realmName("Quick Poll")
.and().csrf().disable().build();
}
英文:
The remaining step is to replace WebSecurityConfigurerAdapter#configure with a SecurityFilterChain bean.
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeHttpRequests().requestMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**")
.permitAll().requestMatchers("/v3/polls/**").authenticated().and().httpBasic().realmName("Quick Poll")
.and().csrf().disable().build();
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论