我有一个项目childAchildB

我想在childA中配置childA Controller 的安全性,并在childB中配置childB Controller 的安全性。

到目前为止,我有以下SecurityConfig:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private CookieProperties cookieProperties;

    @Autowired
    private LdapUserDetailsManager userDetailsService;

    @Autowired
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler;

    @Autowired
    private LdapProperties ldapProperties;

    @Autowired
    private Environment environment;


    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public LdapDaoAuthenticationProvider ldapDaoAuthenticationProvider(LdapProperties ldapProperties) {
        LdapDaoAuthenticationProvider provider = new LdapDaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setLdapProperties(ldapProperties);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

            auth.authenticationProvider(ldapDaoAuthenticationProvider(ldapProperties));

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .requestMatcher(
                // how to move this in another file ?
                new OrRequestMatcher(
                    new AntPathRequestMatcher(ChildAHttpPathStore.PATH_SOMETHING),
                    new AntPathRequestMatcher(ChildBHttpPathStore.PATH_SOMETHING),
                )
            )
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
                .and()
            .csrf()
                .csrfTokenRepository(corsCookieCsrfTokenRepository())
                .and()
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, CoreHttpPathStore.PING).permitAll()
                .anyRequest().hasAnyAuthority(
                        UserManagement.ROLE_AUTH_SERVICE
                )
            .and()
                .exceptionHandling()
                .accessDeniedHandler(accessDeniedHandler)
                .authenticationEntryPoint(authenticationEntryPoint)
            .and()
                .formLogin()
                .loginProcessingUrl(CoreHttpPathStore.LOGIN)
                .successHandler(authenticationSuccessHandler)
                .failureHandler(authenticationFailureHandler)
                .permitAll()
            .and()
                .logout()
                .logoutUrl(CoreHttpPathStore.LOGOUT)
                .logoutSuccessUrl(CoreHttpPathStore.LOGIN_FROM_LOGOUT)
                .logoutSuccessHandler(logoutSuccessHandler)
                .permitAll()
            .and()
                .headers().cacheControl().disable();
    }

    @Bean(name = "userPasswordEncoder")
    public LdapShaPasswordEncoder passwordEncoder() {
        return new LdapShaPasswordEncoder();
    }

    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        if (null != cookieProperties.getName()) { serializer.setCookieName(cookieProperties.getName()); }
        if (null != cookieProperties.getPath()) { serializer.setCookiePath(cookieProperties.getPath()); }
        if (null != cookieProperties.getHttpOnly()) { serializer.setUseHttpOnlyCookie(cookieProperties.getHttpOnly()); }
        if (null != cookieProperties.getMaxAge()) { serializer.setCookieMaxAge(cookieProperties.getMaxAge()); }
        if (null != cookieProperties.getSecure()) { serializer.setUseSecureCookie(cookieProperties.getSecure()); }
        if (null != cookieProperties.getDomain()) { serializer.setDomainName(cookieProperties.getDomain()); }
        return serializer;
    }

    @Bean
    public CorsCookieCsrfTokenRepository corsCookieCsrfTokenRepository(){
        CorsCookieCsrfTokenRepository repository = new CorsCookieCsrfTokenRepository();
        repository.setCookieHttpOnly(false);
        repository.setHeaderName("X-XSRF-TOKEN");
        repository.setCookiePath(cookieProperties.getPath());
        repository.setCookieDomain(cookieProperties.getDomain());
        repository.setCookieName("XSRF-TOKEN");
        return repository;
    }

}

是否可以拆分此配置?

最佳答案

如果由于spring security docs而需要编写Multiple HttpSecurity,最简单的方法是使用一些内部 @Configuration 类创建一个常规配置,以配置HttpSecurity。

@EnableWebSecurity
public class MultiHttpSecurityConfig {
    @Bean
    public UserDetailsService userDetailsService() throws Exception {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("user").password("password").roles("USER").build());
        manager.createUser(User.withUsername("admin").password("password").roles("USER","ADMIN").build());
        return manager;
    }

    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")
                .authorizeRequests()
                    .anyRequest().hasRole("ADMIN")
                    .and()
                .httpBasic();
        }
    }

    @Configuration
    public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .formLogin();
        }
    }
}

09-27 06:10