美文网首页Java知识储备Java学习笔记Spring Boot
Spring Boot整合Spring Security简记-方

Spring Boot整合Spring Security简记-方

作者: 78240024406c | 来源:发表于2018-01-31 22:07 被阅读149次

    new無语 转载请注明原创出处,谢谢!

    Spring Security学习目录

    GlobalMethodSecurityConfiguration

    我们通过Spring Security的GlobalMethodSecurityConfiguration配置类来进行方法级别的安全规则添加。
    其中这段代码是进行添加启动注解规则安全验证(securedEnabled = true等)。
    在这里我们进行添加自定义的校验规则。这个规则是验证Spring所管理的bean的调用。

        public MethodSecurityMetadataSource methodSecurityMetadataSource() {
            List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
            ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(
                    getExpressionHandler());
            MethodSecurityMetadataSource customMethodSecurityMetadataSource = customMethodSecurityMetadataSource();
            if (customMethodSecurityMetadataSource != null) {
                sources.add(customMethodSecurityMetadataSource);
            }
            if (prePostEnabled()) {
                sources.add(new PrePostAnnotationSecurityMetadataSource(attributeFactory));
            }
            if (securedEnabled()) {
                sources.add(new SecuredAnnotationSecurityMetadataSource());
            }
            if (jsr250Enabled()) {
                GrantedAuthorityDefaults grantedAuthorityDefaults =
                        getSingleBeanOrNull(GrantedAuthorityDefaults.class);
                if (grantedAuthorityDefaults != null) {
                    this.jsr250MethodSecurityMetadataSource.setDefaultRolePrefix(
                            grantedAuthorityDefaults.getRolePrefix());
                }
                sources.add(jsr250MethodSecurityMetadataSource);
            }
            return new DelegatingMethodSecurityMetadataSource(sources);
        }
    

    通过下面预留的自定义方法,进行重写实现自定义规则添加。

        /**
         * Provides a custom {@link MethodSecurityMetadataSource} that is registered with the
         * {@link #methodSecurityMetadataSource()}. Default is null.
         *
         * @return a custom {@link MethodSecurityMetadataSource} that is registered with the
         * {@link #methodSecurityMetadataSource()}
         */
        protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
            return null;
        }
    
    

    重写demo,写的比较简单。通俗达意就可以了。

       @EnableGlobalMethodSecurity(
                securedEnabled = true,
                prePostEnabled = true,
                jsr250Enabled = true
        )
        class SpringMethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {
            @Override
            protected MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
                List<MethodSecurityMetadataSource> sources = new ArrayList<MethodSecurityMetadataSource>();
                Map<String, List<ConfigAttribute>> methodMap = new HashMap<>();
                List<ConfigAttribute> configAttributes = Arrays.asList(new SecurityConfig("ROLE_ADMIN1"));
                methodMap.put("com.zee.springcloudsecurity.controller.TestController.test13", configAttributes);
                MethodSecurityMetadataSource methodSecurityMetadataSource = new MapBasedMethodSecurityMetadataSource(methodMap);
                Map<String, List<ConfigAttribute>> methodMap2 = new HashMap<>();
                List<ConfigAttribute> configAttributes2 = Arrays.asList(new SecurityConfig("ROLE_ADMIN"));
                methodMap2.put("com.zee.springcloudsecurity.controller.TestController.test14", configAttributes2);
                MethodSecurityMetadataSource methodSecurityMetadataSource2 = new MapBasedMethodSecurityMetadataSource(methodMap2);
                sources.add(methodSecurityMetadataSource);
                sources.add(methodSecurityMetadataSource2);
                return new DelegatingMethodSecurityMetadataSource(sources);
            }
        }
    

    相关文章

      网友评论

        本文标题:Spring Boot整合Spring Security简记-方

        本文链接:https://www.haomeiwen.com/subject/nuutzxtx.html