java - Spring Security中将XML配置转换为java配置以实现全局方法安全

标签 java spring spring-security

我正在尝试将xml配置转换为java配置

我的 XML 配置是这样的 

<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" access-decision-manager-ref="methodAccessDecisionManager">
        <security:expression-handler ref="methodExpressionHandler"/>
</security:global-method-security>

我尝试使用注释进行转换

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)

但我不知道如何转换和使用全局安全方法 access-decision-manager-ref="methodAccessDecisionManager"<security:expression-handler ref="methodExpressionHandler"/>

最佳答案

您可以编写自定义方法安全配置,请参阅 Spring Security Reference :

5.10.2 GlobalMethodSecurityConfiguration

Sometimes you may need to perform operations that are more complicated than are possible with the @EnableGlobalMethodSecurity annotation allow. For these instances, you can extend the GlobalMethodSecurityConfiguration ensuring that the @EnableGlobalMethodSecurity annotation is present on your subclass. For example, if you wanted to provide a custom MethodSecurityExpressionHandler, you could use the following configuration:

@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
  @Override
  protected MethodSecurityExpressionHandler createExpressionHandler() {
      // ... create and return custom MethodSecurityExpressionHandler ...
      return expressionHandler;
  }
}

For additional information about methods that can be overridden, refer to the GlobalMethodSecurityConfiguration Javadoc.

您修改后的代码:

@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    @Autowired
    private AccessDecisionManager accessDecisionManager;

    @Autowired
    private MethodSecurityExpressionHandler methodSecurityExpressionHandler;

    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return methodSecurityExpressionHandler;
    }

    protected AccessDecisionManager accessDecisionManager() {
        return accessDecisionManager;
    }
}

关于java - Spring Security中将XML配置转换为java配置以实现全局方法安全,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50268511/

上一篇:java - Android Activity 问题 startActivity (我只想显示)

下一篇:java - @NotNull @QueryParam ("String") 字符串在 Jersey 验证中不起作用

相关文章:

java - 通过 TCP 套接字 Java 读/写流式音频

java - 如何使用已在另一个 .xml 文件中配置的 bean?

java - 在 Spring Controller 中返回原始类型/包装器的最佳方法是什么?

java - 在 spring boot schema.sql 文件中执行过程的问题

spring-security-oauth2 2.0.7 刷新 token UserDetailsS​​ervice 配置 - UserDetailsS​​ervice 是必需的

java - 如何检测用户是否被切换(Spring Security)

java - 与Java编程的混淆

java - 如何修复 ubuntu 18.04 中的 "Command ' appletviewer' not found"

java - 我做错了什么让我的应用程序在启动时运行?

java - SonarQube 在 Spring Framework Controller 和 Spring Framework 应用程序主类中显示安全错误

©2024 IT工具网  联系我们