本篇文章为你整理了WebSecurityConfigurerAdapter (spring()的详细内容,包含有 WebSecurityConfigurerAdapter (spring,希望能帮助你了解 WebSecurityConfigurerAdapter (spring。
Packageorg.springframework.security.config.annotation.web.configuration
Class WebSecurityConfigurerAdapter
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
extends java.lang.Object
implements WebSecurityConfigurer WebSecurity
Deprecated.
Use a SecurityFilterChain Bean to
configure HttpSecurity or a WebSecurityCustomizer Bean to configure
WebSecurity
Provides a convenient base class for creating a WebSecurityConfigurer instance.
The implementation allows customization by overriding methods.
Will automatically apply the result of looking up AbstractHttpConfigurer from
SpringFactoriesLoader to allow developers to extend the defaults. To do this,
you must create a class that extends AbstractHttpConfigurer and then create a file in
the classpath at "META-INF/spring.factories" that looks something like:
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = sample.MyClassThatExtendsAbstractHttpConfigurer
If you have multiple classes that should be added you can use "," to separate
the values. For example:
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = sample.MyClassThatExtendsAbstractHttpConfigurer, sample.OtherThatExtendsAbstractHttpConfigurer
See Also:
EnableWebSecurity
protected
WebSecurityConfigurerAdapter (booleandisableDefaults)
Deprecated.
Creates an instance which allows specifying if the default configuration should be
enabled.
protected org.springframework.context.ApplicationContext
getApplicationContext()
Deprecated.
Gets the ApplicationContext
setApplicationContext (org.springframework.context.ApplicationContextcontext)
Deprecated.
setContentNegotationStrategy (org.springframework.web.accept.ContentNegotiationStrategycontentNegotiationStrategy)
Deprecated.
Methods inherited from classjava.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
WebSecurityConfigurerAdapter
protectedWebSecurityConfigurerAdapter (booleandisableDefaults)
Deprecated.
Creates an instance which allows specifying if the default configuration should be
enabled. Disabling the default configuration should be considered more advanced
usage as it requires more understanding of how the framework is implemented.
Parameters:
disableDefaults - true if the default configuration should be disabled, else
false
configure
protectedvoidconfigure (AuthenticationManagerBuilderauth)
throws java.lang.Exception
Deprecated.
Used by the default implementation of authenticationManager() to attempt
to obtain an AuthenticationManager. If overridden, the
AuthenticationManagerBuilder should be used to specify the
AuthenticationManager.
The authenticationManagerBean() method can be used to expose the resulting
AuthenticationManager as a Bean. The userDetailsServiceBean() can
be used to expose the last populated UserDetailsService that is created
with the AuthenticationManagerBuilder as a Bean. The
UserDetailsService will also automatically be populated on
AbstractConfiguredSecurityBuilder.getSharedObject(Class) for use with other
SecurityContextConfigurer (i.e. RememberMeConfigurer )
For example, the following configuration could be used to register in memory
authentication that exposes an in memory UserDetailsService:
Override
protected void configure(AuthenticationManagerBuilder auth) {
auth
// enable in memory based authentication with a user named
// user and admin
.inMemoryAuthentication().withUser( user ).password( password ).roles( USER ).and()
.withUser( admin ).password( password ).roles( USER , ADMIN
// Expose the UserDetailsService as a Bean
Bean
Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
Parameters:
auth - the AuthenticationManagerBuilder to use
Throws:
java.lang.Exception
authenticationManagerBean
publicAuthenticationManagerauthenticationManagerBean()
throws java.lang.Exception
Deprecated.
Override this method to expose the AuthenticationManager from
configure(AuthenticationManagerBuilder) to be exposed as a Bean. For
example:
Bean(name name="myAuthenticationManager")
Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
Returns:
the AuthenticationManager
Throws:
java.lang.Exception
userDetailsServiceBean
publicUserDetailsServiceuserDetailsServiceBean()
throws java.lang.Exception
Deprecated.
Override this method to expose a UserDetailsService created from
configure(AuthenticationManagerBuilder) as a bean. In general only the
following override should be done of this method:
Bean(name = myUserDetailsService )
// any or no name specified is allowed
Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
To change the instance returned, developers should change
userDetailsService() instead
Returns:
the UserDetailsService
Throws:
java.lang.Exception
See Also:
userDetailsService()
publicvoidinit (WebSecurityweb)
throws java.lang.Exception
Deprecated.
Description copied from interface:SecurityConfigurer
Initialize the SecurityBuilder. Here only shared state should be created
and modified, but not properties on the SecurityBuilder used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses
the correct shared objects when building. Configurers should be applied here.
Specified by:
initin interfaceSecurityConfigurer javax.servlet.Filter, WebSecurity
Throws:
java.lang.Exception
configure
publicvoidconfigure (WebSecurityweb)
throws java.lang.Exception
Deprecated.
Override this method to configure WebSecurity. For example, if you wish to
ignore certain requests.
Endpoints specified in this method will be ignored by Spring Security, meaning it
will not protect them from CSRF, XSS, Clickjacking, and so on.
Instead, if you want to protect endpoints against common vulnerabilities, then see
configure(HttpSecurity) and the HttpSecurity.authorizeRequests()
configuration method.
Specified by:
configurein interfaceSecurityConfigurer javax.servlet.Filter, WebSecurity
Throws:
java.lang.Exception
configure
protectedvoidconfigure (HttpSecurityhttp)
throws java.lang.Exception
Deprecated.
Override this method to configure the HttpSecurity. Typically subclasses
should not invoke this method by calling super as it may override their
configuration. The default configuration is:
http.authorizeRequests().anyRequest().authenticated().and().formLogin().and().httpBasic();
Any endpoint that requires defense against common vulnerabilities can be specified
here, including public ones. See HttpSecurity.authorizeRequests() and the
`permitAll()` authorization rule for more details on public endpoints.
Parameters:
http - the HttpSecurity to modify
Throws:
java.lang.Exception - if an error occurs
getApplicationContext
protected finalorg.springframework.context.ApplicationContextgetApplicationContext()
Deprecated.
Gets the ApplicationContext
Returns:
the context
@Autowired
publicvoidsetApplicationContext (org.springframework.context.ApplicationContextcontext)
Deprecated.
@Autowired(required=false)
publicvoidsetTrustResolver (AuthenticationTrustResolvertrustResolver)
Deprecated.
@Autowired(required=false)
publicvoidsetContentNegotationStrategy (org.springframework.web.accept.ContentNegotiationStrategycontentNegotiationStrategy)
Deprecated.
@Autowired
publicvoidsetObjectPostProcessor (ObjectPostProcessor java.lang.Object objectPostProcessor)
Deprecated.
@Autowired
publicvoidsetAuthenticationConfiguration (AuthenticationConfigurationauthenticationConfiguration)
Deprecated.
以上就是WebSecurityConfigurerAdapter (spring()的详细内容,想要了解更多 WebSecurityConfigurerAdapter (spring的内容,请持续关注盛行IT软件开发工作室。
郑重声明:本文由网友发布,不代表盛行IT的观点,版权归原作者所有,仅为传播更多信息之目的,如有侵权请联系,我们将第一时间修改或删除,多谢。