spring security - secured - ¿Puedo utilizar una GlobalMethodSecurityConfiguration y un WebSecurityConfigurerAdapter en una aplicación Spring?
spring security methods (2)
Mi aplicación tiene las clases de configuración GlobalMethodSecurityConfiguration y WebSecurityConfigurerAdapter. Mis implementaciones se dan a continuación:
Mi implementación GlobalMethodSecurityConfiguration :
/**
 * Method-level security configuration.
 *
 * <p>Turns on the pre/post annotations ({@code prePostEnabled = true}) and installs an
 * expression handler whose permission evaluator is the application's own
 * {@code ApplicationPermissionEvaluator}.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfiguration extends GlobalMethodSecurityConfiguration {

    /**
     * Supplies the authentication manager used by the method security interceptor.
     *
     * <p>NOTE(review): the manager built here has no {@code AuthenticationProvider} and no
     * parent, so it cannot authenticate anything; any call that reaches it will fail. It is
     * also unrelated to the user-details/password-encoder setup of the web configuration.
     * Prefer wiring the application's real authentication manager instead of this empty one.
     *
     * @return an empty {@code ProviderManager}
     */
    @Override
    protected AuthenticationManager authenticationManager() {
        return new ProviderManager();
    }

    /**
     * Builds the expression handler for method security expressions and attaches the
     * application permission evaluator to it.
     *
     * @return the handler used to evaluate method security expressions
     */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler handler = new DefaultMethodSecurityExpressionHandler();
        handler.setPermissionEvaluator(permissionEvaluator());
        return handler;
    }

    /**
     * @return the permission evaluator, constructed from the key-to-permission map below
     */
    @Bean
    public ApplicationPermissionEvaluator permissionEvaluator() {
        return new ApplicationPermissionEvaluator(permissionMap());
    }

    /**
     * Assembles the lookup table handed to the permission evaluator.
     *
     * <p>NOTE(review): the keys look like "service:check" names; presumably the evaluator
     * resolves them at evaluation time. Verify that a key missing from this map results in
     * a denial rather than an implicit grant.
     *
     * @return a mutable map from permission key to the permission implementation
     */
    private Map<String, Permission> permissionMap() {
        Map<String, Permission> permissionsByKey = new HashMap<>();
        permissionsByKey.put("CurriculumService:findCurriculumIsAllowed", curriculumByIdOwnerPermission());
        permissionsByKey.put("CurriculumService:updateCurriculumIsAllowed", curriculumOwnerPermission());
        return permissionsByKey;
    }

    /**
     * @return the permission registered for the "find curriculum" check; its dependencies
     *     are autowired by name
     */
    @Bean(autowire = Autowire.BY_NAME)
    public CurriculumByIdOwnerPermission curriculumByIdOwnerPermission() {
        return new CurriculumByIdOwnerPermission();
    }

    /**
     * @return the permission registered for the "update curriculum" check; its dependencies
     *     are autowired by name
     */
    @Bean(autowire = Autowire.BY_NAME)
    public CurriculumOwnerPermission curriculumOwnerPermission() {
        return new CurriculumOwnerPermission();
    }
}
y mi implementación WebSecurityConfigurerAdapter :
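/**
 * Web-layer security configuration: form login, logout, URL authorization rules and the
 * supporting beans (access decision voters, role hierarchy, entry points, password encoder).
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Configures the HTTP security filter chain.
     *
     * <p>URL rules are evaluated in declaration order and the first match wins, so the
     * public {@code /preference/...} and {@code /advertisement/**&#47;view/**} patterns must
     * stay above the role-restricted patterns that would otherwise cover them.
     *
     * @param http the builder for the filter chain
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //@formatter:off
        http
            // CSRF protection is deliberately left enabled (the default). With CSRF enabled,
            // the logout URL below must be requested with POST and a valid CSRF token.
            .exceptionHandling().authenticationEntryPoint(delegatingAuthenticationEntryPoint())
            .and().formLogin()
                .loginProcessingUrl("/signin")
                .loginPage("/signin")
                .failureUrl("/signin?login_error=t")
                .defaultSuccessUrl("/dashboard", true)
            .and().logout()
                .logoutUrl("/resources/j_spring_security_logout")
                .logoutSuccessUrl("/signin")
            .and().authorizeRequests()
                .accessDecisionManager(accessDecisionManager())
                .antMatchers("/preference/sendPasswordReset/**", "/preference/passwordReset/**", "/preference/activateEmail/**", "/preference/resendActivationEmail/**").permitAll()
                .antMatchers("/preference/**").access("hasAnyRole('ROLE_BASIC_CHILDMINDER', 'ROLE_BASIC_FAMILY')")
                .antMatchers("/dashboard").access("hasAnyRole('ROLE_BASIC_CHILDMINDER', 'ROLE_BASIC_FAMILY')")
                .antMatchers("/curriculum/**").access("hasRole('ROLE_BASIC_CHILDMINDER')")
                .antMatchers("/advertisement/**/view/**").permitAll()
                .antMatchers("/advertisement/family/**").access("hasRole('ROLE_BASIC_FAMILY')")
                .antMatchers("/advertisement/childminder/**").access("hasRole('ROLE_BASIC_CHILDMINDER')")
                // NOTE(review): this catch-all makes every URL not listed above public, so a
                // newly added endpoint is open unless someone remembers to add a rule for it
                // (method-level checks are then the only guard). Consider enumerating the
                // public paths and ending with anyRequest().authenticated() instead.
                .antMatchers("/resources/**", "/**").permitAll();
        //@formatter:on

        // super.configure(http) is intentionally not called: the base implementation applies
        // the adapter's defaults (anyRequest().authenticated(), formLogin() and httpBasic())
        // on top of the rules above, which would enable HTTP Basic next to the form login.
    }

    /**
     * Registers the application's user details service with the bcrypt password encoder.
     *
     * @param auth the authentication manager builder of this adapter
     * @throws Exception if the user details service cannot be registered
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
    }

    /** @return the service that loads members for authentication */
    @Bean
    public MemberUserDetailsService userDetailsService() {
        return new MemberUserDetailsService();
    }

    /** @return a bcrypt encoder with the library's default strength */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** @return the in-memory session registry */
    @Bean
    public SessionRegistryImpl sessionRegistry() {
        return new SessionRegistryImpl();
    }

    /**
     * @return an affirmative-based decision manager: access is granted as soon as any one of
     *     the configured voters grants it
     */
    @Bean
    public AffirmativeBased accessDecisionManager() {
        return new AffirmativeBased(accessDecisionVoters());
    }

    /**
     * @return the voters consulted by {@link #accessDecisionManager()}: the role hierarchy
     *     voter first, then the web expression voter
     */
    public List<AccessDecisionVoter> accessDecisionVoters() {
        List<AccessDecisionVoter> voters = new ArrayList<>();
        voters.add(roleHierarchyVoter());
        voters.add(webExpressionVoter());
        return voters;
    }

    /** @return the voter that evaluates the {@code access(...)} expressions above */
    @Bean
    public WebExpressionVoter webExpressionVoter() {
        WebExpressionVoter voter = new WebExpressionVoter();
        voter.setExpressionHandler(defaultWebSecurityExpressionHandler());
        return voter;
    }

    /**
     * @return the web expression handler, made aware of the role hierarchy so that
     *     {@code hasRole}/{@code hasAnyRole} also match inherited roles
     */
    @Bean
    public DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler() {
        DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
        handler.setRoleHierarchy(roleHierarchy());
        return handler;
    }

    /** @return a role voter that takes the role hierarchy into account */
    @Bean
    public RoleHierarchyVoter roleHierarchyVoter() {
        return new RoleHierarchyVoter(roleHierarchy());
    }

    /**
     * Declares which roles include which other roles.
     *
     * <p>Each relation must be on its own line. The separator has to be a real newline
     * escape ({@code \n}); with a literal "/n" the text between two relations is read as part
     * of a role name and the hierarchy silently stops granting the inherited roles.
     *
     * @return the configured role hierarchy
     */
    @Bean
    public RoleHierarchyImpl roleHierarchy() {
        RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
        //@formatter:off
        hierarchy.setHierarchy(
            "ROLE_ADMINISTRATOR > ROLE_MODERATOR\n" +
            "ROLE_MODERATOR > ROLE_SUBSCRIBED_FAMILY\n" +
            "ROLE_MODERATOR > ROLE_SUBSCRIBED_CHILDMINDER\n" +
            "ROLE_SUBSCRIBED_FAMILY > ROLE_BASIC_FAMILY\n" +
            "ROLE_SUBSCRIBED_CHILDMINDER > ROLE_BASIC_CHILDMINDER");
        //@formatter:on
        return hierarchy;
    }

    /**
     * @return an entry point that picks the AJAX entry point for requests matched by
     *     {@link #ajaxRequestMatcher()} and falls back to the login-page redirect otherwise
     */
    @Bean
    public DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint() {
        DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(map());
        entryPoint.setDefaultEntryPoint(loginUrlAuthenticationEntryPoint());
        return entryPoint;
    }

    /**
     * @return the ordered matcher-to-entry-point table used by
     *     {@link #delegatingAuthenticationEntryPoint()}
     */
    public LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> map() {
        LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> entryPoints = new LinkedHashMap<>();
        entryPoints.put(ajaxRequestMatcher(), ajaxAuthenticationEntryPoint());
        return entryPoints;
    }

    /** @return the default entry point, which sends the user to {@code /signin} */
    @Bean
    public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/signin");
    }

    /** @return the entry point used for requests matched by {@link #ajaxRequestMatcher()} */
    @Bean
    public AjaxAuthenticationEntryPoint ajaxAuthenticationEntryPoint() {
        return new AjaxAuthenticationEntryPoint();
    }

    /** @return the matcher that selects the AJAX entry point */
    @Bean
    public AjaxRequestMatcher ajaxRequestMatcher() {
        return new AjaxRequestMatcher();
    }

    /** @return the CSRF-aware request data value processor */
    @Bean
    public RequestDataValueProcessor requestDataValueProcessor() {
        return new CsrfRequestDataValueProcessor();
    }
}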
No estoy seguro de cómo configurar el administrador de autenticación. ¿Es la siguiente una forma correcta de proceder?
/**
 * Supplies the authentication manager for method security.
 *
 * <p>NOTE(review): a {@code ProviderManager} created without any
 * {@code AuthenticationProvider} (and without a parent) cannot authenticate anything, so any
 * authentication attempt that reaches it fails. It is also disconnected from the user details
 * service and password encoder configured for the web layer.
 *
 * @return an empty {@code ProviderManager}
 */
@Override
protected AuthenticationManager authenticationManager() {
    return new ProviderManager();
}
Cualquier entrada bienvenida ...
Estaba buscando una manera de hacer esto también. Lo siguiente funcionó para mí:
/**
 * Skeleton that keeps method security and web security in one place: the outer class is the
 * method security configuration and the nested static class is the web security configuration.
 *
 * <p>The method bodies are placeholders. As shown, {@code createExpressionHandler()} has no
 * return statement and will not compile until a handler is built and returned.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends GlobalMethodSecurityConfiguration {
    /**
     * Receives the {@code AuthenticationManagerBuilder} by injection.
     *
     * <p>NOTE(review): presumably this is where the user details service and password encoder
     * are registered so that the method and web layers authenticate against the same
     * settings; confirm against the Spring Security version in use.
     */
    @Autowired
    protected void configureGlobal (AuthenticationManagerBuilder auth) {
        // Configure auth mgr
    }
    /** Placeholder: build and return the method security expression handler here. */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        // Configure expression handler
    }
    /** Web security configuration, nested so that both configurations live in one class. */
    @Configuration
    public static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        /** Placeholder: URL rules, login and logout settings go here. */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Configure HTTP security
        }
    }
}
Puede sobrescribir el método configure(AuthenticationManagerBuilder auth) de WebSecurityConfigurerAdapter. Si su único requisito es usar su propio UserDetailsService, podría hacer lo siguiente:
/**
 * Registers the injected user details service together with a password encoder.
 *
 * <p>The encoder returned by {@code passwordEncoder()} must match the scheme used when the
 * stored passwords were hashed, otherwise no login can succeed.
 *
 * @param auth the authentication manager builder to configure
 * @throws Exception if the user details service cannot be registered
 */
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .userDetailsService(this.userDetailsService)
        .passwordEncoder(passwordEncoder());
}
Desde su código, puede usar el siguiente método.
authenticationManagerBuilder.authenticationProvider(AuthenticationProvider authenticationProvider)
Si tiene requisitos más complejos, puede consultar la documentación de la API de Spring Security: http://docs.spring.io/spring-security/site/docs/3.2.0.RC2/apidocs/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.html