java Spring security中registerGlobal()、configure()、configureGlobal()、configureGlobalSecurity的区别
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/35218354/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Difference between registerGlobal(), configure(), configureGlobal(),configureGlobalSecurity in Spring security
提问by NaiveCoder
I have below three code snippets all doing the same thing: creating in-memory authentication. So how it impacts defining it in different method names?
我有以下三个代码片段都在做同样的事情:创建内存中的身份验证。那么它如何影响在不同的方法名称中定义它呢?
- registerGlobal
- configure
- configureGlobal
- configureGlobalSecurity
- 注册全球
- 配置
- 配置全局
- 配置全局安全
First one:
第一:
public void registerGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER","ADMIN");
}
}
Second one:
第二个:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
Third one:
第三个:
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
Fourth:
第四:
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
UPDATE 1 :One more thing I would like to add:
更新 1:我还想补充一件事:
configure() method is present in WebSecurityConfigurerAdapter class while others are not present.
configure() 方法存在于 WebSecurityConfigurerAdapter 类中,而其他方法不存在。
UPDATE 2:
更新 2:
I renamed the method in my sample project to below and to my surprise it is working and authenticating the users.
我将示例项目中的方法重命名为下面,令我惊讶的是它正在工作并验证用户。
you name it anything and it works
你给它命名任何东西,它的工作原理
@Autowired
public void anyMethodName(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
回答by ben75
In fact, you only have 2 different options.
事实上,您只有两种不同的选择。
Option 1: using annotations only(it cover your example 1, 3 and 4 - note that you didn't include relevant annotations in your samples)
选项 1:仅使用注释(它涵盖了您的示例 1、3 和 4 - 请注意,您没有在示例中包含相关注释)
registerGlobal, configureGlobal, configureGlobalSecurityare exact same way of doing things. You can name the method according your tastes. The only constraints are :
registerGlobal, configureGlobal,configureGlobalSecurity是完全相同的做事方式。您可以根据自己的喜好命名方法。唯一的限制是:
- annotate the method with
@Autowired - the method MUST be in a class annotated with one of the following : @EnableWebSecurity, @EnableWebMvcSecurity, @EnableGlobalMethodSecurity, or @EnableGlobalAuthentication
- (and of course the method have an argument of type
AuthenticationManagerBuilder)
- 注释方法
@Autowired - 该方法必须在用以下之一注释的类中:@EnableWebSecurity、@EnableWebMvcSecurity、@EnableGlobalMethodSecurity或@EnableGlobalAuthentication
- (当然该方法有一个类型的参数
AuthenticationManagerBuilder)
(as you can see the name of the method is not important, that is why you found so many different method name when googling for code samples)
(正如你所见,方法的名称并不重要,这就是为什么你在谷歌搜索代码示例时发现了这么多不同的方法名称)
Here is an example of how it looks like :
这是它的外观示例:
@EnableWebSecurity
public class MyConfiguration {
@Autowired
public void whatever(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
...
}
Option 2: using annotations + method overriding(it cover your example 2)
选项 2:使用注释 + 方法覆盖(它涵盖了您的示例 2)
Overriding configureis a convenient approach in a subclass of WebSecurityConfigurerAdapter(or any @Configuration class implementing WebSecurityConfigurer) but it have the same effect as the other option.
configure在WebSecurityConfigurerAdapter(或任何实现的@Configuration 类WebSecurityConfigurer)的子类中,覆盖是一种方便的方法,但它与另一个选项具有相同的效果。
How to choose the correct approach?
如何选择正确的方法?
It's only a question of taste/programming-style because both approachs have the same effect.
这只是品味/编程风格的问题,因为两种方法都有相同的效果。
The first option make sense when you want/need to keep your configuration in a single class, but your @Configuration class already extends some other class (and you don't want to implement the whole WebSecurityConfigurerinterface).
当您希望/需要将配置保留在单个类中时,第一个选项是有意义的,但您的 @Configuration 类已经扩展了一些其他类(并且您不想实现整个WebSecurityConfigurer接口)。
Let's explain my last point in more details. Spring provides many Adapterclasses that you can extends to speed up the development of your Spring configuration.
让我们更详细地解释我的最后一点。Spring 提供了许多Adapter类,您可以对其进行扩展以加快 Spring 配置的开发。
As an example, let's take a commonly used Adapter : WebMvcConfigurerAdapter. You will start with a very simple configuration like this :
举个例子,我们来看一个常用的 Adapter : WebMvcConfigurerAdapter。您将从一个非常简单的配置开始,如下所示:
@EnableWebMvc
@Configuration
@ComponentScan({ "com.company.mypackage" })
public class SpringWebConfig extends WebMvcConfigurerAdapter {
}
What's important here : your class already extends an Adapterclass, so you can't extends another one
这里重要的是:你的类已经扩展了一个Adapter类,所以你不能扩展另一个
Now, you need to add security configuration. You have the choice between including it in your existing SpringWebConfigconfiguration class or create a new security specificconfiguration class. Here is a sample of both approaches:
现在,您需要添加安全配置。您可以选择将其包含在现有SpringWebConfig配置类中或创建新的安全特定配置类。以下是两种方法的示例:
1) Single @Configuration class approach
1) 单@Configuration 类方法
What's important to note here : SpringWebConfig extends WebMvcConfigurerAdapter+ @EnableWebSecurity
这里需要注意的重要事项:SpringWebConfig扩展了 WebMvcConfigurerAdapter+ @EnableWebSecurity
@EnableWebMvc
@Configuration
@ComponentScan({ "com.company.mypackage" })
@EnableWebSecurity
public class SpringWebConfig extends WebMvcConfigurerAdapter {
@Autowired
public void whatever(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
}
2) Specific security @Configuration class
2)特定的安全@Configuration类
What's important to note here : MySecurityConfig extends WebSecurityConfigurerAdapter
这里需要注意的重要事项:MySecurityConfig扩展了 WebSecurityConfigurerAdapter
Keep your SpringWebConfigas it was and create a new @Configurationclass :
保持SpringWebConfig原样并创建一个新@Configuration类:
@Configuration
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Overide
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
}
回答by Ralph
For the difference between: registerGlobal(AuthenticationManagerBuilder auth)and configureGlobal(AuthenticationManagerBuilder auth)
对于以下之间的区别:registerGlobal(AuthenticationManagerBuilder auth)和configureGlobal(AuthenticationManagerBuilder auth)
The name of the configureGlobal method is not important. However, it is important to only configure AuthenticationManagerBuilder in a class annotated with either @EnableWebSecurity, @EnableWebMvcSecurity, @EnableGlobalMethodSecurity, or @EnableGlobalAuthentication. Doing otherwise has unpredictable results.
configureGlobal 方法的名称并不重要。但是,重要的是只在用@EnableWebSecurity、@EnableWebMvcSecurity、@EnableGlobalMethodSecurity 或@EnableGlobalAuthentication 注释的类中配置AuthenticationManagerBuilder。否则会产生不可预测的结果。
Source:
Chapter "Creating your Spring Security configuration"from the "Hello Spring Security Java Config" guide.
来源:“Hello Spring Security Java Config”指南中的“Creating your Spring Security configuration”一
章。
protected void configure(AuthenticationManagerBuilder auth)is a method that is likely provided by WebSecurityConfigurer(and its interface WebSecurityConfigurer) - I would say that is just a more type save approach, but does not differ in its result.
protected void configure(AuthenticationManagerBuilder auth)是一种可能由WebSecurityConfigurer(及其接口WebSecurityConfigurer)提供的方法- 我会说这只是一种更类型的保存方法,但其结果没有区别。
