@Configuration
@ConditionalOnClass(value={org.springframework.security.authentication.DefaultAuthenticationEventPublisher.class,org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class,org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class})
@ConditionalOnBean(value=AbstractSecurityConfig.class)
@EnableConfigurationProperties(value={SecurityProperties.class,SocialProperties.class})
@Import(value={SecurityRedisAutoConfiguration.class,SecurityAuthorizeProviderAutoConfiguration.class,SecurityHandlerAutoConfiguration.class,HttpSecurityAutoConfiguration.class})
@ConditionalOnProperty(prefix="yishuifengxiao.security",
name="enable",
havingValue="true",
matchIfMissing=true)
public class SecurityCoreAutoConfiguration
extends Object
| Constructor and Description |
|---|
SecurityCoreAutoConfiguration() |
| Modifier and Type | Method and Description |
|---|---|
org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver |
acceptHeaderLocaleResolver()
错误提示国际化
|
org.springframework.security.authentication.dao.DaoAuthenticationProvider |
authenticationProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
将密码加密类注入到spring security中
|
void |
checkConfig() |
HandlerProcessor |
handlerProcessor()
注入一个默认的协助处理器
|
org.springframework.security.web.authentication.rememberme.PersistentTokenRepository |
inMemoryTokenRepository()
记住密码策略【存储内存中在redis数据库中】
|
org.springframework.context.support.ReloadableResourceBundleMessageSource |
messageSource()
错误提示信息国际化
|
org.springframework.security.crypto.password.PasswordEncoder |
passwordEncoder(PropertyResource propertyResource)
注入自定义密码加密类
|
PropertyResource |
propertyResource(SecurityProperties securityProperties,
SocialProperties socialProperties)
注入一个资源管理器
|
SecurityContextManager |
securityContextManager(List<AuthorizeProvider> authorizeConfigProviders,
List<HttpSecurityInterceptor> interceptors,
List<WebSecurityProvider> webSecurityProviders,
List<SecurityRequestFilter> securityRequestFilters,
PropertyResource propertyResource)
注入一个安全管理器
|
SecurityExtractor |
securityExtractor(PropertyResource propertyResource) |
SecurityHelper |
securityHelper(PropertyResource propertyResource,
org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
org.springframework.security.crypto.password.PasswordEncoder passwordEncoder,
TokenBuilder tokenBuilder) |
org.springframework.security.web.session.SessionInformationExpiredStrategy |
sessionInformationExpiredStrategy()
session 失效策略,可以在此方法中记录谁把谁的登陆状态挤掉
|
TokenUtil |
tokenUtil(SecurityHelper securityHelper,
SecurityExtractor securityExtractor) |
org.springframework.security.core.userdetails.UserDetailsService |
userDetailsService(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
注入用户查找配置类
|
@Bean @ConditionalOnMissingBean public org.springframework.security.crypto.password.PasswordEncoder passwordEncoder(PropertyResource propertyResource)
propertyResource - 资源管理器@Bean @ConditionalOnMissingBean(value=org.springframework.security.core.userdetails.UserDetailsService.class) public org.springframework.security.core.userdetails.UserDetailsService userDetailsService(org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
注入用户查找配置类
在系统没有注入UserDetailsService时,注册一个默认的UserDetailsService实例passwordEncoder - 加密器@Bean
@ConditionalOnMissingBean(value=org.springframework.security.authentication.dao.DaoAuthenticationProvider.class)
public org.springframework.security.authentication.dao.DaoAuthenticationProvider authenticationProvider(org.springframework.security.core.userdetails.UserDetailsService userDetailsService,
org.springframework.security.crypto.password.PasswordEncoder passwordEncoder)
将密码加密类注入到spring security中
此配置会被AbstractSecurityConfig收集,通过public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception 注入到spring security中
userDetailsService - UserDetailsServicepasswordEncoder - 加密器@Bean(value="messageSource") @ConditionalOnMissingBean(name="messageSource") public org.springframework.context.support.ReloadableResourceBundleMessageSource messageSource()
@Bean public org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver acceptHeaderLocaleResolver()
@Bean
@ConditionalOnMissingBean(name="redisTemplate",
value=org.springframework.security.web.authentication.rememberme.PersistentTokenRepository.class)
public org.springframework.security.web.authentication.rememberme.PersistentTokenRepository inMemoryTokenRepository()
@Bean @ConditionalOnMissingBean public org.springframework.security.web.session.SessionInformationExpiredStrategy sessionInformationExpiredStrategy()
@Bean public PropertyResource propertyResource(SecurityProperties securityProperties, SocialProperties socialProperties)
securityProperties - 安全属性配置socialProperties - spring social属性配置@Bean @ConditionalOnMissingBean(value=HandlerProcessor.class) public HandlerProcessor handlerProcessor()
@Bean @ConditionalOnMissingBean(value=SecurityExtractor.class) public SecurityExtractor securityExtractor(PropertyResource propertyResource)
@Bean @ConditionalOnMissingBean(value=SecurityHelper.class) public SecurityHelper securityHelper(PropertyResource propertyResource, org.springframework.security.core.userdetails.UserDetailsService userDetailsService, org.springframework.security.crypto.password.PasswordEncoder passwordEncoder, TokenBuilder tokenBuilder)
@Bean @ConditionalOnMissingBean(value=TokenUtil.class) public TokenUtil tokenUtil(SecurityHelper securityHelper, SecurityExtractor securityExtractor)
@Bean @ConditionalOnMissingBean(value=SecurityContextManager.class) public SecurityContextManager securityContextManager(List<AuthorizeProvider> authorizeConfigProviders, List<HttpSecurityInterceptor> interceptors, List<WebSecurityProvider> webSecurityProviders, List<SecurityRequestFilter> securityRequestFilters, PropertyResource propertyResource)
authorizeConfigProviders - 系统中所有的授权提供器实例interceptors - 系统中所有的资源授权拦截器实例webSecurityProviders - 系统中所有的 web安全授权器实例securityRequestFilters - 系统中所有的 web安全授权器实例propertyResource - 资源管理器@PostConstruct public void checkConfig()
Copyright © 2021. All rights reserved.