Spring security中registerGlobal()、configure()、configureGlobal()、configureGlobalSecurity的区别 [英] Difference between registerGlobal(), configure(), configureGlobal(),configureGlobalSecurity in Spring security
问题描述
我有以下三个代码片段都在做同样的事情:创建内存中的身份验证.那么它如何影响在不同的方法名称中定义它?
I have below three code snippets all doing the same thing: creating in-memory authentication. So how it impacts defining it in different method names?
- 注册全球
- 配置
- configureGlobal
- 配置全局安全性
第一个:
public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER","ADMIN");
}
}
第二个:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
第三个:
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
第四:
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
更新 1:我还想补充一件事:
configure() 方法存在于 WebSecurityConfigurerAdapter 类中,而其他方法不存在.
configure() method is present in WebSecurityConfigurerAdapter class while others are not present.
更新 2:
我将示例项目中的方法重命名为下面的方法,令我惊讶的是它可以正常工作并对用户进行身份验证.
I renamed the method in my sample project to below and to my surprise it is working and authenticating the users.
你随便给它起个名字就行了
@Autowired
public void anyMethodName(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
推荐答案
实际上,您只有两种不同的选择.
In fact, you only have 2 different options.
选项 1:仅使用注释(它涵盖了您的示例 1、3 和 4 - 请注意,您没有在示例中包含相关的注释)
Option 1: using annotations only (it cover your example 1, 3 and 4 - note that you didn't include relevant annotations in your samples)
registerGlobal、configureGlobal、configureGlobalSecurity 是完全相同的做事方式.您可以根据自己的喜好命名方法.唯一的限制是:
registerGlobal, configureGlobal, configureGlobalSecurity are exact same way of doing things. You can name the method according your tastes. The only constraints are :
- 使用
@Autowired 注释方法 - 该方法必须在用以下之一注释的类中:@EnableWebSecurity, @EnableWebMvcSecurity, @EnableGlobalMethodSecurity 或 @EnableGlobalAuthentication
- (当然,该方法有一个
AuthenticationManagerBuilder)
(正如你所见,方法的名称并不重要,这就是为什么你在谷歌搜索代码示例时发现了这么多不同的方法名称)
(as you can see the name of the method is not important, that is why you found so many different method name when googling for code samples)
这是它的外观示例:
@EnableWebSecurity
public class MyConfiguration {
@Autowired
public void whatever(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
...
}
选项 2:使用注释 + 方法覆盖(它涵盖了您的示例 2)
Option 2: using annotations + method overriding (it cover your example 2)
覆盖 configure 是 WebSecurityConfigurerAdapter(或任何实现 WebSecurityConfigurer) 但它与另一个选项具有相同的效果.
Overriding configure is a convenient approach in a subclass of WebSecurityConfigurerAdapter (or any @Configuration class implementing WebSecurityConfigurer) but it have the same effect as the other option.
这只是品味/编程风格的问题,因为两种方法都有相同的效果.
It's only a question of taste/programming-style because both approachs have the same effect.
当您希望/需要将配置保留在单个类中时,第一个选项是有意义的,但是您的 @Configuration 类已经扩展了一些其他类(并且您不想实现整个 WebSecurityConfigurer 接口).
The first option make sense when you want/need to keep your configuration in a single class, but your @Configuration class already extends some other class (and you don't want to implement the whole WebSecurityConfigurer interface).
让我们更详细地解释我的最后一点.Spring 提供了许多 Adapter 类,您可以对其进行扩展以加快 Spring 配置的开发.
Let's explain my last point in more details. Spring provides many Adapter classes that you can extends to speed up the development of your Spring configuration.
以一个常用的Adapter为例:WebMvcConfigurerAdapter.您将从一个非常简单的配置开始:
As an example, let's take a commonly used Adapter : WebMvcConfigurerAdapter. You will start with a very simple configuration like this :
@EnableWebMvc
@Configuration
@ComponentScan({ "com.company.mypackage" })
public class SpringWebConfig extends WebMvcConfigurerAdapter {
}
这里重要的是:你的类已经扩展了一个Adapter类,所以你不能扩展另一个
What's important here : your class already extends an Adapter class, so you can't extends another one
现在,您需要添加安全配置.您可以选择将它包含在现有的 SpringWebConfig 配置类中,或者创建一个新的 安全特定 配置类.以下是两种方法的示例:
Now, you need to add security configuration. You have the choice between including it in your existing SpringWebConfig configuration class or create a new security specific configuration class. Here is a sample of both approaches:
1) 单个@Configuration 类方法
这里需要注意的重要事项:SpringWebConfig extends WebMvcConfigurerAdapter + @EnableWebSecurity
What's important to note here : SpringWebConfig extends WebMvcConfigurerAdapter + @EnableWebSecurity
@EnableWebMvc
@Configuration
@ComponentScan({ "com.company.mypackage" })
@EnableWebSecurity
public class SpringWebConfig extends WebMvcConfigurerAdapter {
@Autowired
public void whatever(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
}
2) 特定的安全@Configuration 类
此处需要注意的重要事项:MySecurityConfig 扩展 WebSecurityConfigurerAdapter
What's important to note here : MySecurityConfig extends WebSecurityConfigurerAdapter
保持你的 SpringWebConfig 原样并创建一个新的 @Configuration 类:
Keep your SpringWebConfig as it was and create a new @Configuration class :
@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Overide
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
}
这篇关于Spring security中registerGlobal()、configure()、configureGlobal()、configureGlobalSecurity的区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
