将spring.xml转换为基于Java的安全配置类

问题描述:

我正试图将Spring Security应用到我的Spring Boot应用程序中。我一直在尝试将Spring XML配置转换为SecurityConfig类。

以下是XML配置。

<?xml version="1.0" encoding="UTF-8"?> 
<bean:beans 
    xmlns:bean="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:c="http://www.springframework.org/schema/c" 
    xmlns="http://www.springframework.org/schema/security" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-4.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-4.0.xsd"> 

    <!-- 
    Spring Security namespace configuration for a stateless, token-based REST API: one <http> block, 
    one authentication manager backed by a user details service, and the beans for the token filter. 
    --> 

    <!-- 
    Applies to root appContext beans only, for MVC Controllers is this declaration repeated in MVC config. 
    Actually, we currently don't need this as we have no annotation outside of MVC. 
    There is more here that can go wrong. If you use interface-based proxy (our demo uses CGLib), you may 
    need to add proxy-target-class="true" as well. Book "Spring Security 3.1", Chapter 10, Fine-grained 
    Access Control, from header "Method security on Spring MVC controllers" on discusses these topics. 
    --> 
    <global-method-security secured-annotations="enabled"/> 

    <!-- 
    create-session="stateless": no HTTP session is created or used by Spring Security for this block. 
    entry-point-ref / authentication-manager-ref point at the beans declared further down in this file. 
    --> 
    <http realm="Protected API" 
     use-expressions="true" 
     create-session="stateless" 
     entry-point-ref="unauthorizedEntryPoint" 
     authentication-manager-ref="restAuthenticationManager"> 

     <!-- 
     Added after moving to Spring Boot 1.3 + Spring Security 4.x, 
     otherwise we could not login with basic auth because of: Expected CSRF token not found 
     TODO: Please, mind, that I did not migrate this XML to Spring Security 4.x except for this element 
     NOTE(review): turning CSRF protection off is usually only defensible when the API is stateless and 
     the browser never attaches credentials on its own. Cookies and cached HTTP Basic credentials are 
     attached automatically, so confirm which clients call this API before carrying this setting over. 
     --> 
     <csrf disabled="true"/> 

     <!-- 
     This is not easily possible, because it causes: 
     DEBUG o.s.s.w.a.ExceptionTranslationFilter - Authentication exception occurred; redirecting to authentication entry point 
     org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: An Authentication object was not found in the SecurityContext 
     --> 
     <!--<anonymous enabled="false"/>--> 
     <!-- The token filter takes the slot normally used by the form-login filter. --> 
     <custom-filter ref="restAuthenticationFilter" position="FORM_LOGIN_FILTER"/> 

     <!-- 
     NOTE(review): intercept-url rules are evaluated in declaration order and the first match wins. 
     "/*" matches any single-segment path, which includes "/secure" itself, so that exact path falls 
     under permitAll; only deeper paths such as "/secure/x" reach the isFullyAuthenticated() rule. 
     Multi-segment paths outside "/secure/" match neither pattern and so have no access rule in this 
     file. Listing the most specific pattern first and ending with a restrictive catch-all avoids both 
     gaps. TODO confirm against the intended URL layout. 
     --> 
     <intercept-url pattern="/*" access="permitAll"/> 
     <intercept-url pattern="/secure/**" access="isFullyAuthenticated()"/> 
    </http> 

    <bean:bean id="unauthorizedEntryPoint" class="com.github.virgo47.respsec.main.restsec.UnauthorizedEntryPoint"/> 

    <bean:bean id="userDetailService" class="com.github.virgo47.respsec.main.secimpl.MyUserDetailsService"/> 

    <authentication-manager id="restAuthenticationManager"> 
     <authentication-provider user-service-ref="userDetailService"> 
      <!-- 
      Default password encoder is PlaintextPasswordEncoder, which fits with our hardcoded users. 
      Obviously not a good choice otherwise. 
      NOTE(review): when this is ported to a hashing encoder (for example BCrypt), passwords stored in 
      plain text will no longer verify; the stored credentials have to be re-encoded as part of the move. 
      --> 
     </authentication-provider> 
    </authentication-manager> 

    <!-- Declared with no constructor arguments; injected into authenticationService below. --> 
    <bean:bean id="tokenManager" class="com.github.virgo47.respsec.main.secimpl.TokenManagerSingle"/> 

    <!-- Constructor injection through the c: namespace: authentication manager plus token manager. --> 
    <bean:bean id="authenticationService" class="com.github.virgo47.respsec.main.secimpl.AuthenticationServiceDefault" 
     c:authenticationManager-ref="restAuthenticationManager" c:tokenManager-ref="tokenManager"/> 

    <!-- Constructor injection: the authentication service and the logout link "/logout". --> 
    <bean:bean id="restAuthenticationFilter" class="com.github.virgo47.respsec.main.restsec.TokenAuthenticationFilter" 
     c:authenticationService-ref="authenticationService" c:logoutLink="/logout"/> 
</bean:beans> 

这是安全配置,我已经写了:

/**
 * Java-based Spring Security configuration intended to replace the XML configuration.
 *
 * <p>NOTE(review): as posted, this class cannot compile: {@code unauthorizedEntryPoint()} is
 * declared twice with the same signature, {@code authenticationService()} contains a bare
 * {@code return ;}, the call chain in {@code configure} has no terminating semicolon, and
 * {@code anonymousFilter()} is not defined in the visible class.
 *
 * <p>NOTE(review): compared with the XML, nothing here sets a stateless session policy
 * ({@code sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)}) and the
 * token filter is not registered (the XML placed it at {@code FORM_LOGIN_FILTER}). With CSRF
 * disabled, leaving sessions enabled widens the exposure — confirm before relying on this class.
 */
@Configuration 
@EnableWebSecurity 
@EnableAutoConfiguration(exclude = {SecurityAutoConfiguration.class}) 
@Order(1) 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    // NOTE(review): this class also declares @Bean methods named unauthorizedEntryPoint() and
    // authenticationService(); injecting the same beans back into the declaring class looks like a
    // self-reference — presumably only one of field or factory method is needed. TODO confirm.
    @Autowired 
    private UnauthorizedEntryPoint unauthorizedEntryPoint; 

    // Not referenced anywhere in the visible class (configureAuth calls userDetailsService() instead).
    @Autowired 
    private ChecklistUserDetailsService checklistUserDetailsService; 

    // Requires a bean of type TokenManagerSingle in the context. No @Bean method or other
    // declaration for that type is visible in this class, which matches the reported
    // "No qualifying bean of type ... TokenManagerSingle" error.
    @Autowired 
    private TokenManagerSingle tokenManager; 

    @Autowired 
    private AuthenticationService authenticationService; 

    // Not referenced anywhere in the visible class.
    @Autowired 
    private ChecklistUserRepository checklistUserRepository; 

    /** Registers a new {@code UnauthorizedEntryPoint} as a bean. */
    @Bean 
    public UnauthorizedEntryPoint unauthorizedEntryPoint() { 
     return new UnauthorizedEntryPoint(); 
    } 

    /**
     * Placeholder for the authentication service bean.
     *
     * <p>NOTE(review): the body returns nothing, which does not compile for a non-void method.
     * The XML built this bean from the authentication manager and the token manager.
     */
    @Bean 
    public AuthenticationService authenticationService() { 
     return ; 
    } 
    // NOTE(review): second method named unauthorizedEntryPoint() with no parameters; it clashes
    // with the declaration above, so one of the two has to go or be renamed.
    @Bean 
    public AuthenticationEntryPoint unauthorizedEntryPoint() { 
     return new RestApiAuthenticationEntryPoint(); 
    } 

    /**
     * Builds the HTTP security rules: anonymous filter, CSRF off, X.509, entry point and
     * per-URL authorization.
     *
     * <p>NOTE(review): {@code @Bean} does not belong on this method; Spring expects bean factory
     * methods to return a value, and this override returns {@code void}.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception declared by the overridden method
     */
    @Bean 
    @Override 
    protected void configure(HttpSecurity http) throws Exception { 

     http 
       .addFilterBefore(anonymousFilter(), AnonymousAuthenticationFilter.class) 
       .csrf().disable() //TODO: CSRF should not be disabled. JIRA issue IN-163 tracks this. 
       // NOTE(review): the XML configuration had no X.509 element; confirm client-certificate
       // authentication is really wanted here.
       .x509() // Go with default Spring settings for X509 
        .and() 
       .exceptionHandling() 
        .authenticationEntryPoint(unauthorizedEntryPoint()) 
        .and() 
       .authorizeRequests() 
        .antMatchers(HttpMethod.POST, "/checklists").fullyAuthenticated() 
        // NOTE(review): anonymous() admits only unauthenticated callers, so a logged-in user is
        // refused on this GET; permitAll() is presumably what was meant. TODO confirm.
        .antMatchers(HttpMethod.GET, "/checklists").anonymous() 
        // NOTE(review): the pattern has no leading "/", so it will not match the request path
        // "/checklists/login"; the login endpoint is therefore not covered by this rule.
        .antMatchers(HttpMethod.POST, "checklists/login").permitAll() 
        // NOTE(review): there is no anyRequest() rule and no terminating semicolon. Without a
        // catch-all, requests matching none of the patterns above are not restricted by these
        // rules by default; ending with a restrictive anyRequest() rule closes that gap.
    } 

    /**
     * Wires the user details service and password encoder into the authentication manager.
     *
     * <p>NOTE(review): {@code userDetailsService()} is not defined in the visible class, so it
     * presumably resolves to the method inherited from {@code WebSecurityConfigurerAdapter}
     * rather than the injected {@code checklistUserDetailsService} — confirm which is intended.
     *
     * @param auth builder supplied by Spring
     * @throws RuntimeException wrapping any failure raised while configuring the builder
     */
    @Autowired 
    public void configureAuth(AuthenticationManagerBuilder auth) { 
     try { 
      auth.userDetailsService(userDetailsService()) 
        .passwordEncoder(passwordEncoder()); 
     } catch (Exception e) { 
      final String msg = "Exception occurred while configuring AuthenticationManagerBuilder: " + e.toString(); 
      // NOTE(review): passes e.getCause() (possibly null) instead of e, so the stack trace of
      // the caught exception itself is lost; only its toString() survives in the message.
      throw new RuntimeException(msg, e.getCause()); 
     } 
    } 

    /**
     * Supplies the BCrypt password encoder used by {@link #configureAuth}.
     *
     * <p>NOTE(review): the XML configuration relied on the plaintext default encoder; stored
     * passwords must be BCrypt hashes for logins to succeed with this encoder.
     */
    @Bean 
    public PasswordEncoder passwordEncoder() { 
     return new BCryptPasswordEncoder(); 
    } 
} 

错误:

No qualifying bean of type 'life.plank.snap.security.impl.TokenManagerSingle' 

我想你需要:

创建一个返回 com.github.virgo47.respsec.main.secimpl.TokenManagerSingle 类实例的新 bean,把下面这几行放到你的配置类中:

/**
 * Exposes a {@code TokenManagerSingle} instance as a Spring bean so that injection points of
 * that type (such as an {@code @Autowired TokenManagerSingle} field) can be resolved.
 *
 * <p>NOTE(review): the return type must be the same class the failing injection point names.
 * The error on this page reports {@code life.plank.snap.security.impl.TokenManagerSingle},
 * so the import has to resolve to that package — TODO confirm.
 *
 * @return a newly constructed token manager
 */
@Bean
public TokenManagerSingle tokenManager() {
    final TokenManagerSingle manager = new TokenManagerSingle();
    return manager;
}