- Hands-On Spring Security 5 for Reactive Applications
- Tomcy John
- 2021-07-23 18:59:22
Step 1—Spring Security configuration setup
We will now create the all-important Spring Security configuration class and make sure that the default filter chain for Spring Security is set up to secure all the resources:
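import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    // Authenticate against the database; stored passwords are BCrypt hashes.
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery("select username, password, enabled"
                + " from users where username = ?")
            .authoritiesByUsernameQuery("select username, authority "
                + "from authorities where username = ?")
            .passwordEncoder(new BCryptPasswordEncoder());
    }

    // Every request requires an authenticated user holding the ADMIN or USER role.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
            .and()
            .httpBasic(); // Use Basic authentication
    }
}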
In the Spring Security configuration, the first thing we do is tell Spring Security to authenticate the user against a database, using the defined user query to load the credentials and the defined authority query to load the user's authorities.
We then set up the mechanism for capturing the user's credentials; here we use basic authentication. Note that the role names used in the check do not have the ROLE_ prefix.
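The configuration above only works if the tables behind the two queries hold BCrypt hashes and authorities that `hasAnyRole` can match. The following is an added example, not code from the book: `UserStoreSeeder`, the column sizes, and the in-memory H2 database (H2 and spring-jdbc on the classpath) are assumptions made for illustration.

```java
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical helper: creates and fills the tables read by
// usersByUsernameQuery and authoritiesByUsernameQuery.
public class UserStoreSeeder {

    private final JdbcTemplate jdbc;
    // Must be the same encoder type the security configuration verifies with.
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    public UserStoreSeeder(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
    }

    public void createSchema() {
        jdbc.execute("create table users (username varchar(50) not null primary key, "
                + "password varchar(100) not null, enabled boolean not null)");
        jdbc.execute("create table authorities (username varchar(50) not null, "
                + "authority varchar(50) not null, constraint fk_auth_user "
                + "foreign key (username) references users(username))");
    }

    public void addUser(String username, CharSequence rawPassword, String role) {
        // Only the salted BCrypt hash is stored, never the raw password.
        jdbc.update("insert into users (username, password, enabled) values (?, ?, ?)",
                username, encoder.encode(rawPassword), true);
        // hasAnyRole("ADMIN", "USER") matches the authorities ROLE_ADMIN and
        // ROLE_USER, so the stored value carries the prefix exactly once.
        String authority = role.startsWith("ROLE_") ? role : "ROLE_" + role;
        jdbc.update("insert into authorities (username, authority) values (?, ?)",
                username, authority);
    }

    public static void main(String[] args) {
        DataSource ds = new EmbeddedDatabaseBuilder()
                .setType(EmbeddedDatabaseType.H2).build();
        UserStoreSeeder seeder = new UserStoreSeeder(ds);
        seeder.createSchema();
        seeder.addUser("alice", "constructed-sample-password", "USER"); // constructed sample
        System.out.println(new JdbcTemplate(ds).queryForList(
                "select username, authority from authorities"));
    }
}
```

A row stored as plain `USER` would authenticate successfully but fail the authorization check, because the authority compared is `ROLE_USER`.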