SpringSecurity项目中如何在多个模块中配置认证信息

⒈在SpringSecurity项目中创建AuthorizeConfigProvider接口用于配置认证信息

1 package cn.coreqi.ssoserver.authorize;
2 
3 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
4 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
5 
6 public interface AuthorizeConfigProvider {
7     void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config);
8 }

⒉我们实现此接口

 1 package cn.coreqi.ssoserver.authorize.impl;
 2 
 3 import cn.coreqi.ssoserver.authorize.AuthorizeConfigProvider;
 4 import org.springframework.http.HttpMethod;
 5 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 6 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 7 import org.springframework.stereotype.Component;
 8 
 9 @Component
10 public class CoreqiAuthorizeConfigProvider implements AuthorizeConfigProvider {
11     @Override
12     public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
13           config.antMatchers("/oauth/*","/login/*").permitAll()
14                 .antMatchers(HttpMethod.GET,"/auth/*").hasRole("admin")
15                 .anyRequest().authenticated();  //任何请求都需要身份认证
16     }
17 }

⒊在SpringSecurity项目中创建AuthorizeConfigManager接口用于调用系统中所有的配置信息

1 package cn.coreqi.ssoserver.authorize;
2 
3 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
4 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
5 
6 public interface AuthorizeConfigManager {
7     void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config);
8 }

⒋我们实现此接口

 1 package cn.coreqi.ssoserver.authorize.impl;
 2 
 3 import cn.coreqi.ssoserver.authorize.AuthorizeConfigManager;
 4 import cn.coreqi.ssoserver.authorize.AuthorizeConfigProvider;
 5 import org.springframework.beans.factory.annotation.Autowired;
 6 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 7 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 8 import org.springframework.stereotype.Component;
 9 
10 import java.util.Set;
11 
12 @Component
13 public class CoreqiAuthorizeConfigManager implements AuthorizeConfigManager {
14     /**
15      * 将系统中所有的AuthorizeConfigProvider收集起来
16      */
17     @Autowired
18     private Set<AuthorizeConfigProvider> authorizeConfigProviders;
19     @Override
20     public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
21         for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders ){
22             authorizeConfigProvider.config(config);
23         }
24         config.anyRequest().authenticated();
25     }
26 }

⒌在SpringSecurity配置中进行如下配置

 1 @EnableWebSecurity
 2 public class SsoWebSecurityConfig extends WebSecurityConfigurerAdapter {
 3 
 4     @Autowired
 5     private AuthorizeConfigManager authorizeConfigManager;
 6     @Override
 7     protected void configure(HttpSecurity http) throws Exception {
 8         http.formLogin()
 9                 .and()
10                 .csrf().disable();    //禁用CSRF
11 
12         authorizeConfigManager.config(http.authorizeRequests());
13     }
14 }

 

posted @ 2019-04-10 20:29  SpringCore  阅读(2546)  评论(0编辑  收藏  举报