如何将参数从自定义注解传递到库中的WebSecurity配置器

yh2wf1be  于 2021-10-10  发布在  Java
关注(0)|答案(2)|浏览(382)

大家好,我们正在构建定制的spring安全库
我们需要通过{/v1“,“/v2”}路径 @EnableMySpringSecurity(excludePaths = {"/v1","/v2"}) 它存在于库websecurity的主项目中,因此我们可以从安全性Angular 忽略这些端点

  1. @EnableMySpringSecurity(excludePaths = {"/v1","/v2"})
  2. @EnableWebMvc
  3. public class WebAppConfiguration extends BaseWebAppConfiguration {

自定义jar中的web安全性配置

  1. @EnableWebSecurity(debug = true)
  2. @Configuration
  3. @EnableGlobalMethodSecurity(prePostEnabled = true)
  4. public static class SecurityConfig extends WebSecurityConfigurerAdapter {
  5. @Override
  6. public void configure(WebSecurity web){
  7. web.ignoring().antMatchers(excludePaths );

如何将从@enablemyspringsecurity传递的值传递给WebSecurity web.ignoring.antmatchers
我们的注解配置

  1. @Retention(RetentionPolicy.RUNTIME)
  2. @Target(ElementType.TYPE)
  3. public @interface EnableMySpringSecurity {
  4. String[] excludePaths() default {};
  5. }

我尝试过applicationstartuplistener,但问题是,它是在WebSecurity配置之后初始化的

  1. public class ApplicationStartupListener implements
  2. ApplicationListener<ContextRefreshedEvent> {
  3. private ApplicationContext context;
  4. private EnableMySSAnnotationProcessor processor;
  5. public ApplicationStartupListener(ApplicationContext context,
  6. EnableMySSAnnotationProcessor processor) {
  7. this.context = context;
  8. this.processor = processor;
  9. }
  10. @Override
  11. public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
  12. Optional<EnableMySpringSecurity> annotation =
  13. context.getBeansWithAnnotation(EnableMySpringSecurity.class).keySet().stream()
  14. .map(key -> context.findAnnotationOnBean(key, EnableMySpringSecurity.class))
  15. .findFirst();
  16. annotation.ifPresent(enableMySpringSecurity-> processor.process(enableMySpringSecurity));
  17. }
  18. }
zysjyyx4

zysjyyx41#

一种方法是使用 @Import 注解:

  1. @Retention(RetentionPolicy.RUNTIME)
  2. @Target(ElementType.TYPE)
  3. @Import(MyWebSecurityConfiguration.class)
  4. @EnableWebSecurity
  5. public @interface EnableMyWebSecurity {
  6. String[] paths() default [];
  7. }

然后是 ImportAware 接口:

  1. @Configuration
  2. public class MyWebSecurityConfiguration implements ImportAware {
  3. private String[] paths;
  4. @Bean
  5. WebSecurityCustomizer paths() {
  6. return (web) -> web.ignoring().antMatchers(paths);
  7. }
  8. @Override
  9. public void setImportMetadata(AnnotationMetadata importMetadata) {
  10. EnableMyWebSecurity annotation = importMetadata
  11. .getAnnotations().get(EnableMyWebSecurity.class).synthesize();
  12. this.paths = annotations.paths();
  13. }
  14. }

顺便说一下,当您排除路径时,spring security不能将安全头添加为响应的一部分。如果希望这些端点受到Spring Security的保护,但要公开,那么请考虑:

  1. @Configuration
  2. public class MyWebSecurityConfiguration implements ImportAware {
  3. private String[] paths;
  4. @Bean
  5. @Order(1)
  6. SecurityFilterChain paths(HttpSecurity http) {
  7. http
  8. .requestMatchers((requests) -> requests.antMatchers(paths))
  9. .authorizeRequests((authorize) -> authorize
  10. .anyRequest().permitAll()
  11. );
  12. return http.build();
  13. }
  14. @Override
  15. public void setImportMetadata(AnnotationMetadata importMetadata) {
  16. EnableMyWebSecurity annotation = importMetadata
  17. .getAnnotations().get(EnableMyWebSecurity.class).synthesize();
  18. this.paths = annotations.paths();
  19. }
  20. }

第二种方法的好处是Spring Security 不需要身份验证,但会添加安全响应头。

展开查看全部
tjjdgumg

tjjdgumg2#

jzheaux提供的解决方案有效
还有一个解决方案-使用应用程序上下文getbeanswithannoation

  1. @EnableWebSecurity(debug = true)
  2. @Configuration
  3. @Order(2147483640)
  4. @EnableGlobalMethodSecurity(prePostEnabled = true)
  5. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  6. @Autowired
  7. private ApplicationContext appContext;
  8. @Override
  9. public void configure(WebSecurity web){
  10. Map<String,Object> beanMap = this.appContext.getBeansWithAnnotation(EnableMYSpringSecurity.class);
  11. if(!beanMap.isEmpty()){
  12. EnableMYSpringSecurityanno = (EnableMYSpringSecurity) this.appContext.findAnnotationOnBean(beanMap.keySet()
  13. .iterator()
  14. .next(),EnableMYSpringSecurity.class);
  15. String[] permitPaths = anno.excludePaths();
  16. Arrays.stream(permitPaths).forEach(System.out::println);
  17. }
展开查看全部

相关问题