In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-08 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >
Share
Shulou(Shulou.com)06/03 Report--
The main content of this article is to explain "Why to add a Spring Security depends on all interfaces can not be accessed", interested friends might as well take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "Why do you add a Spring Security that depends on all interfaces that cannot be accessed?"
Text
When we add the Spring Security dependency to the project, it will intercept all requests by default, even without any configuration.
To change the default behavior of Spring Security, we need to do some configuration, that is, by overriding the configure (HttpSecurity http) method of WebSecurityConfigurerAdapter.
So the question is, why can you intercept requests with just a Spring Security dependency?
The answer naturally has something to do with the automatic assembly of Springboot.
SecurityAutoConfiguration assembly class
Through the @ Import annotation, you can find the SpringBootWebSecurityConfiguration class
@ Configuration (proxyBeanMethods = false) @ ConditionalOnClass (DefaultAuthenticationEventPublisher.class) @ EnableConfigurationProperties (SecurityProperties.class) @ Import ({SpringBootWebSecurityConfiguration.class, WebSecurityEnablerConfiguration.class, SecurityDataConfiguration.class}) public class SecurityAutoConfiguration {@ Bean @ ConditionalOnMissingBean (AuthenticationEventPublisher.class) public DefaultAuthenticationEventPublisher authenticationEventPublisher (ApplicationEventPublisher publisher) {return new DefaultAuthenticationEventPublisher (publisher);}} SpringBootWebSecurityConfiguration class
As you can see from @ ConditionalOnMissingBean (WebSecurityConfigurerAdapter.class), this configuration class takes effect only when WebSecurityConfigurerAdapter is not configured in the project.
When this configuration class takes effect, it will help us configure a default WebSecurityConfigurerAdapter
As can be seen from the previous, the interception mode can be defined by configuring WebSecurityConfigurerAdapter.
@ Configuration (proxyBeanMethods = false) @ ConditionalOnClass (WebSecurityConfigurerAdapter.class) @ ConditionalOnMissingBean (WebSecurityConfigurerAdapter.class) @ ConditionalOnWebApplication (type = Type.SERVLET) public class SpringBootWebSecurityConfiguration {@ Configuration (proxyBeanMethods = false) @ Order (SecurityProperties.BASIC_AUTH_ORDER) static class DefaultConfigurerAdapter extends WebSecurityConfigurerAdapter {}} WebSecurityConfigurerAdapter default behavior
As you can see from the default configuration below, the default configuration is that all requests require login authentication.
Protected void configure (HttpSecurity http) throws Exception {http .authorizeRequests () / key .anyRequest (). Authenticated () and () .formLogin (). And () .httpBasic ();} Summary
When our Springboot project introduced Spring Security dependency, the security mechanism in the project was turned on.
Because according to the automatic assembly principle of Spring boot, when loading the SecurityAutoConfiguration configuration class, the SpringBootWebSecurityConfiguration configuration class will be loaded again.
In the SpringBootWebSecurityConfiguration class, a WebSecurityConfigurerAdapter class is initialized for us by default.
One of the functions of WebSecurityConfigurerAdapter is to configure the permissions required for access requests.
If the configure (HttpSecurity http) method of this class is not overridden, its default behavior is to require login authentication for all requests.
At this point, I believe you have a deeper understanding of "why you add a Spring Security that depends on all interfaces are inaccessible". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un