
    m0_51945027的博客:Spring Security问题解答报告

    作者:[db:作者] 时间:2021-09-13 16:23

    1,准备多个user,进行不同权限的演示
    在重写的 UserDetailsService 中分别配置不同的 user,并以此为每个 user 设置权限

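    2,configure(WebSecurity web) 里通过 ignoring() 配置的资源不受 configure(HttpSecurity http) 管理(尽量给出依据,源码见下)。被 ignoring 的请求完全不经过 Spring Security 过滤器链,因此也没有认证、CSRF 防护和安全响应头;它只适合静态资源,需要放行但仍要受过滤器链保护的路径应在 configure(HttpSecurity http) 中使用 permitAll()。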

    package org.springframework.security.config.annotation.web.configuration;
    
    /**
     * Marker annotation that switches on Spring Security's web configuration for the
     * annotated type.
     *
     * <p>Through {@code @Import} it pulls in {@code WebSecurityConfiguration},
     * {@code SpringWebMvcImportSelector}, {@code OAuth2ImportSelector} and
     * {@code HttpSecurityConfiguration}; it is itself meta-annotated with
     * {@code @EnableGlobalAuthentication} and {@code @Configuration}.
     */
    @Retention(RetentionPolicy.RUNTIME)
    @Target({ElementType.TYPE})
    @Documented
    @Import({WebSecurityConfiguration.class, SpringWebMvcImportSelector.class, OAuth2ImportSelector.class, HttpSecurityConfiguration.class})
    @EnableGlobalAuthentication
    @Configuration
    public @interface EnableWebSecurity {
        // Toggles Spring Security's debug support; off unless explicitly set to true.
        // Debug output describes each incoming request and the filter chain it hits,
        // which can include sensitive values, so leave this false outside development.
        boolean debug() default false;
    }
    
    

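    debug 的作用:@EnableWebSecurity(debug = true) 会打开 Spring Security 的调试支持;从下面的源码可以看到,该值通过 webSecurity.debug(...) 传给 WebSecurity。调试输出包含请求细节,只应在开发环境使用。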

    // Example configuration class with Spring Security's debug support switched on.
    // NOTE(review): debug = true makes the framework log details of every request
    // (which may include sensitive values); use it for local troubleshooting only
    // and keep it false, or drive it from a dev-only property, in production.
    @Configuration
    @EnableWebSecurity(debug = true)
    public class SpringSecurityConfig extends WebSecurityConfigurerAdapter
    
     /**
      * Creates the {@code WebSecurity} builder and applies every supplied configurer to it.
      *
      * <p>The configurers are sorted in place with {@code AnnotationAwareOrderComparator}.
      * After sorting, two neighbouring configurers that resolve to the same order value
      * abort start-up with an {@link IllegalStateException}, so the sequence in which
      * security configuration is applied is never ambiguous.
      *
      * @param objectPostProcessor post-processor used to create and initialise the {@code WebSecurity}
      * @param webSecurityConfigurers configurers to apply; this list is sorted in place and retained
      * @throws IllegalStateException if two configurers share the same order value
      * @throws Exception if applying a configurer fails
      */
     public void setFilterChainProxySecurityConfigurer(
             ObjectPostProcessor<Object> objectPostProcessor,
             @Value("#{@autowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers()}")
                     List<SecurityConfigurer<Filter, WebSecurity>> webSecurityConfigurers)
             throws Exception {
         this.webSecurity = (WebSecurity) objectPostProcessor.postProcess(new WebSecurity(objectPostProcessor));

         // The debug flag is forwarded only when it was explicitly set (non-null).
         if (this.debugEnabled != null) {
             this.webSecurity.debug(this.debugEnabled);
         }

         webSecurityConfigurers.sort(WebSecurityConfiguration.AnnotationAwareOrderComparator.INSTANCE);

         // First pass: after sorting, equal order values are adjacent, so comparing
         // each configurer with its predecessor is enough to detect a duplicate.
         Integer lastOrder = null;
         Object lastConfigurer = null;
         for (SecurityConfigurer<Filter, WebSecurity> configurer : webSecurityConfigurers) {
             Integer order = WebSecurityConfiguration.AnnotationAwareOrderComparator.lookupOrder(configurer);
             boolean duplicateOrder = lastOrder != null && lastOrder.equals(order);
             if (duplicateOrder) {
                 throw new IllegalStateException("@Order on WebSecurityConfigurers must be unique. Order of " + order + " was already used on " + lastConfigurer + ", so it cannot be used on " + configurer + " too.");
             }
             lastOrder = order;
             lastConfigurer = configurer;
         }

         // Second pass: hand every configured SecurityConfigurer to the WebSecurity builder.
         for (SecurityConfigurer<Filter, WebSecurity> configurer : webSecurityConfigurers) {
             this.webSecurity.apply(configurer);
         }

         this.webSecurityConfigurers = webSecurityConfigurers;
     }
    
    /**
     * Produces the servlet {@code Filter} exposed as the {@code springSecurityFilterChain} bean.
     *
     * <p>Adapter-style configurers and {@code SecurityFilterChain} beans are mutually
     * exclusive: finding both fails the {@code Assert.state} check. When neither is
     * present, an anonymous {@code WebSecurityConfigurerAdapter} with no overrides is
     * applied as the fallback configuration.
     *
     * @return the filter returned by {@code webSecurity.build()}
     * @throws Exception if post-processing, customizing or building fails
     */
    @Bean(name = {"springSecurityFilterChain"})
    public Filter springSecurityFilterChain() throws Exception {
        boolean adaptersPresent = this.webSecurityConfigurers != null && !this.webSecurityConfigurers.isEmpty();
        boolean chainsPresent = !this.securityFilterChains.isEmpty();
        Assert.state(!(adaptersPresent && chainsPresent), "Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");

        boolean nothingConfigured = !adaptersPresent && !chainsPresent;
        if (nothingConfigured) {
            // No configuration was supplied, so fall back to the default adapter.
            WebSecurityConfigurerAdapter fallback = (WebSecurityConfigurerAdapter) this.objectObjectPostProcessor.postProcess(new WebSecurityConfigurerAdapter() {
            });
            this.webSecurity.apply(fallback);
        }

        for (SecurityFilterChain chain : this.securityFilterChains) {
            this.webSecurity.addSecurityFilterChainBuilder(() -> chain);

            // Only the first FilterSecurityInterceptor found in a chain is handed to
            // webSecurity.securityInterceptor(...); the scan of that chain then stops.
            for (Filter candidate : chain.getFilters()) {
                if (candidate instanceof FilterSecurityInterceptor) {
                    this.webSecurity.securityInterceptor((FilterSecurityInterceptor) candidate);
                    break;
                }
            }
        }

        // Customizers receive the WebSecurity itself and run last, right before the build,
        // which makes this the hook for WebSecurity-level settings.
        for (WebSecurityCustomizer customizer : this.webSecurityCustomizers) {
            customizer.customize(this.webSecurity);
        }

        // Call webSecurity.build() to produce the filter.
        return (Filter) this.webSecurity.build();
    }
    
    
        /**
         * Builds the object once and returns it.
         *
         * <p>The {@code building} flag is never reset here, so a second call fails even
         * when the first {@code doBuild()} threw.
         *
         * @return the object produced by {@code doBuild()}
         * @throws AlreadyBuiltException if {@code build()} was already invoked on this builder
         * @throws Exception if {@code doBuild()} fails
         */
        public final O build() throws Exception {
            // Only the caller that flips the flag from false to true may proceed.
            if (!this.building.compareAndSet(false, true)) {
                throw new AlreadyBuiltException("This object has already been built");
            }
            this.object = this.doBuild();
            return this.object;
        }
    
    /**
     * Runs the build lifecycle while holding the monitor of {@code this.configurers}.
     *
     * <p>The phases run strictly in this order, with {@code buildState} updated before
     * each one: INITIALIZING ({@code beforeInit}, {@code init}), CONFIGURING
     * ({@code beforeConfigure}, {@code configure}), BUILDING ({@code performBuild}),
     * and finally BUILT.
     *
     * @return the object returned by {@code performBuild()}
     * @throws Exception if any lifecycle step fails; {@code buildState} then keeps the
     *     value of the phase that was running
     */
    protected final O doBuild() throws Exception {
            synchronized(this.configurers) {
                this.buildState = AbstractConfiguredSecurityBuilder.BuildState.INITIALIZING;
                this.beforeInit();
                // Initialization phase. Per the article's author, this is where every
                // HttpSecurity gets registered with the WebSecurity (not visible in this excerpt).
                this.init();
                this.buildState = AbstractConfiguredSecurityBuilder.BuildState.CONFIGURING;
                this.beforeConfigure();
                this.configure();
                this.buildState = AbstractConfiguredSecurityBuilder.BuildState.BUILDING;
                // When the builder is a WebSecurity, this dispatches to WebSecurity's performBuild().
                O result = this.performBuild();
                this.buildState = AbstractConfiguredSecurityBuilder.BuildState.BUILT;
                return result;
            }
        }
    
    protected Filter performBuild() throws Exception {
            Assert.state(!this.securityFilterChainBuilders.isEmpty(), () -> {
                return "At least one SecurityBuilder<? extends SecurityFilterChain> needs to be specified. Typically this is done by exposing a SecurityFilterChain bean or by adding a @Configuration that extends WebSecurityConfigurerAdapter. More advanced users can invoke "
    