春季:等效于安全性:身份验证管理器和安全性:全局方法安全性的注释 [英] Spring: Annotation equivalent of security:authentication-manager and security:global-method-security

问题描述

在XML配置中，我可以使用security命名空间来启用对安全性的支持，例如:

In XML configuration, I can use security namespace to enable support for security, such as:

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="authenticator" />
</security:authentication-manager>

<security:global-method-security pre-post-annotations="enabled" />

<bean id="authenticator"
    class="org.springframework.security.authentication.TestingAuthenticationProvider" />

我尝试仅使用@Configuration类使用不带XML的Spring.这种配置与上述XML示例的普通Java等效项是什么?

I try to use Spring without XML, with only @Configuration classes. What is the plain Java equivalent of such configuration as the XML sample above?

推荐答案

编辑:2013年12月

EDIT: In December 2013 Spring Security 3.2 was released and Java Configuration was implemented, so above XML is roughly equivalent to:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(final AuthenticationManagerBuilder auth)
      throws Exception {
    auth.authenticationProvider(authenticator());
    super.configure(auth);
  }

  @Bean
  public AuthenticationProvider authenticator() {
    return new TestingAuthenticationProvider();
  }

}

2012年的旧答案:

不幸的是，没有任何东西. 检查此答案(半年前由Spring Security发布

Unfortunately, there isn't any. Check this answer (posted half year ago by Spring Security lead dev):

当前没有简单的方法来进行Spring Security配置 Java配置.您必须知道名称空间的作用 场景使工作变得困难且容易出错.因此，我 建议坚持使用Spring Security命名空间 配置.

There currently is no easy way to do Spring Security configuration with Java configuration. You must know what the namespace does behind the scenes making it difficult and error prone. For this reason, I would recommend sticking with the Spring Security namespace configuration.

一种选择是参与非官方项目- Scalasec -提供基于Scala的配置并且在 SpringSource博客上的这篇文章中进行了描述.同样，不建议将其用于生产，因为项目似乎已被放弃.我想有一天尝试这个项目，但目前没有空闲时间:(

One option is to contribute to an unofficial project - Scalasec - which provides Scala-based configuration and was described in this post on SpringSource blog. Again, this is not recommended for production since project seems to be abandoned. I want to experiment with this project some day but have no spare time currently :(

这篇关于春季:等效于安全性:身份验证管理器和安全性:全局方法安全性的注释的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！