ResourceServerConfigurerAdapter和WebSecurityConfigurerAdapter [英] ResourceServerConfigurerAdapter vs WebSecurityConfigurerAdapter

问题描述

我目前正在使用Spring Security进行Oauth2实现，并且发现了许多使用ResourceServerConfigurerAdapter和WebSecurityConfigurerAdapter的文档.

I'm currently working on a Oauth2 implementation with Spring Security, and I found many documentations that use ResourceServerConfigurerAdapter along with the WebSecurityConfigurerAdapter.

我希望有人可以告诉我这两种配置之间的区别，因为由于这两个类都提供了一个，所以我对使用哪种configure(HttpSecurity http)方法感到困惑.

I hope someone can tell me the differences between the two configurations because I really get confused in which configure(HttpSecurity http) method to use since both classes offer one.

我在stackoverflow中找到了一些类似的问题，但是没有明确回答.

I've found some similar questions here in stackoverflow but there are not clearly answered.

推荐答案

通过阅读JavaDoc，我认为唯一的目的是将OAuth2资源身份验证的关注点与包含各种安全过滤器的WebSecurityConfigurerAdapters分开.

From reading the JavaDocs I think the only purpose it's to separate the concerns for OAuth2 Resources authentication from the WebSecurityConfigurerAdapters which contains all sorts of security filters.

此外，您似乎应该添加@EnableResourceServer批注并通过ResourceServerConfigurerAdapter提供类型为ResourceServerConfigurer的@Bean.注释基本上将创建另一个WebSecurityConfigurerAdapters，其硬编码顺序为3.

Additionally it seems like you should add @EnableResourceServer annotation and provide a @Bean of type ResourceServerConfigurer via ResourceServerConfigurerAdapter. The annotation will basically create another WebSecurityConfigurerAdapters with an hard-coded order of 3.

因此，总而言之，您将拥有2个或更多的WebSecurityConfigurerAdapters，但其中一个特定于OAuth2身份验证.

So to summarise you will have 2 or more WebSecurityConfigurerAdapters but one is specific to OAuth2 authentications.

这篇关于ResourceServerConfigurerAdapter和WebSecurityConfigurerAdapter的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！