适应 Spring Security 6

huangapple go评论97阅读模式
英文:

Adapting to Spring security 6

问题

由于迁移到Spring Security 6和WebSecurityConfigurerAdapter已弃用我需要调整下面的安全配置但不确定我是否走在正确的路上

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Inject
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                .antMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**").permitAll()
                .antMatchers("/v3/polls/**").authenticated()
                .and()
            .httpBasic()
                .realmName("Quick Poll")
                .and()
            .csrf()
                .disable();
    }
}
我迄今为止尝试了以下代码但不确定它是否正确

@Configuration
public class SecurityConfig {

    @Bean
    public PasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }
}
英文:

Due to a migration to Spring security 6 and the WebSecurityConfigurerAdapter deprecation I need to adapt the security conf below, buit not sure if I am going in the correct way.

 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Inject
private UserDetailsService userDetailsService;
	
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
	auth.userDetailsService(userDetailsService)
		.passwordEncoder(new BCryptPasswordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {
	
	http
		.sessionManagement()
			.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
			.and()
		.authorizeRequests()
			.antMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**").permitAll()
			.antMatchers("/v3/polls/**").authenticated()
			.and()
		.httpBasic()
			.realmName("Quick Poll")
			.and()
		.csrf()
			.disable();
  }
 }

I tried so far this below but not sure it is correct:

 @Configuration
 public class SecurityConfig {

@Bean
public PasswordEncoder encoder() {
    return new BCryptPasswordEncoder();
}

@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
    return authenticationConfiguration.getAuthenticationManager();
}

}

答案1

得分: 0

The remaining step is to replace WebSecurityConfigurerAdapter#configure with a SecurityFilterChain bean.

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeHttpRequests().requestMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**")
            .permitAll().requestMatchers("/v3/polls/**").authenticated().and().httpBasic().realmName("Quick Poll")
            .and().csrf().disable().build();
}
英文:

The remaining step is to replace WebSecurityConfigurerAdapter#configure with a SecurityFilterChain bean.

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
	return http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
			.authorizeHttpRequests().requestMatchers("/v1/**", "/v2/**", "/swagger-ui/**", "/api-docs/**")
			.permitAll().requestMatchers("/v3/polls/**").authenticated().and().httpBasic().realmName("Quick Poll")
			.and().csrf().disable().build();
}

huangapple
  • 本文由 发表于 2023年6月5日 05:13:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/76402434.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定