根据 Dave Syer 在最新版的Spring Boot中的声明,配置Spring安全性的最佳方法是使用Java配置。
我需要一个SHA-256编码器,但是我没有找到任何简单而又好的实现方案。您只需要使用passwordEnprer配置jdbcAuthentication。这真的很简单:
@EnableWebSecuritypublic class SpringSecurityConfigurer extends WebMvcConfigurerAdapter { @Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("login"); } @Bean public ApplicationSecurity applicationSecurity() { return new ApplicationSecurity(); } @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter { @Autowired private SecurityProperties security; @Autowired private DataSource dataSource; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/css/**").permitAll().anyRequest().fullyAuthenticated() .and().formLogin().loginPage("/login").failureUrl("/login?error").permitAll() .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/login"); } PasswordEnprer sha256PasswordEnprer = new PasswordEnprer() { @Override public String enpre(CharSequence rawPassword) { return Hashing.sha256().hashString(rawPassword, Charsets.UTF_8).toString(); } @Override public boolean matches(CharSequence rawPassword, String enpredPassword) { return enpredPassword.equals(Hashing.sha256().hashString(rawPassword, Charsets.UTF_8).toString()); } }; @Override public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.jdbcAuthentication() .dataSource(this.dataSource) .passwordEnprer(sha256PasswordEnprer); } }}
