- Hands-On Spring Security 5 for Reactive Applications
- Tomcy John
- 2021-07-23 18:59:22
Step 1—Spring Security configuration setup
We will now create the all-important Spring Security configuration class and make sure that the default filter chain for Spring Security is set up to secure all the resources:
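```java
import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    // Authenticate users against the database using the two queries below
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().dataSource(dataSource)
            .usersByUsernameQuery("select username, password, enabled"
                + " from users where username = ?")
            .authoritiesByUsernameQuery("select username, authority "
                + "from authorities where username = ?")
            .passwordEncoder(new BCryptPasswordEncoder());
    }

    // Require the ADMIN or USER role for every request
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().hasAnyRole("ADMIN", "USER")
            .and()
            .httpBasic(); // Use Basic authentication
    }
}
```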
In the Spring Security configuration, we first tell Spring Security to authenticate the user against a database, using the defined user query to load the user and the defined authority query to load the user's authorities.
We then set up the mechanism for capturing the user's credentials; here, we use basic authentication. Please note that the role names passed to the role check do not have the ROLE_ prefix.