0
:現時点では私はPOJOベースのコンフィグに以下のXMLベースの設定を変換しようとしている私の知恵の最後にしています
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<bean id="auth0EntryPoint" class="com.auth0.spring.security.auth0.Auth0AuthenticationEntryPoint" />
<!-- all urls starting with unsecured are -->
<security:http pattern="${auth0.securedRoute}" create-session="stateless" entry-point-ref="auth0EntryPoint" use-expressions="false">
<security:intercept-url pattern="${auth0.securedRoute}" access="ROLE_USER" />
<security:custom-filter ref="auth0Filter" after="SECURITY_CONTEXT_FILTER" ></security:custom-filter>
<security:csrf disabled="true"></security:csrf>
</security:http>
<!-- Otherwise by default everything is secured -->
<security:http auto-config="true" use-expressions="true" pattern="/**" create-session="stateless" entry-point-ref="auth0EntryPoint">
<security:intercept-url pattern="/**" access='permitAll' />
<security:csrf disabled="true"></security:csrf>
</security:http>
<bean id="auth0Filter" class="com.auth0.spring.security.auth0.Auth0AuthenticationFilter">
<property name="entryPoint" ref="auth0EntryPoint"></property>
</bean>
<bean id="auth0AuthenticationProvider" class="com.auth0.spring.security.auth0.Auth0AuthenticationProvider">
<property name="clientSecret" value="${auth0.clientSecret}" ></property>
<property name="clientId" value="${auth0.clientId}" ></property>
<property name="securedRoute" value="${auth0.securedRoute}" ></property>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="auth0AuthenticationProvider" />
</security:authentication-manager>
は、私はこのような何かを持っています:
package com.simplymeasured.uam;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import com.auth0.spring.security.auth0.Auth0AuthenticationEntryPoint;
import com.auth0.spring.security.auth0.Auth0AuthenticationFilter;
import com.auth0.spring.security.auth0.Auth0AuthenticationProvider;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic().authenticationEntryPoint(auth0EntryPoint());
http
.csrf().disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http
.addFilter(auth0Filter());
http
.authorizeRequests()
.anyRequest()
.authenticated();
System.out.println("CONFIGURE GETTING CALLED");
super.configure(http);
}
public AuthenticationProvider authenticationProvider() {
Auth0AuthenticationProvider provider = new Auth0AuthenticationProvider();
provider.setClientId("<auth0client>");
provider.setClientSecret("<auth0secret>");
provider.setSecuredRoute("/v2/**");
return provider;
}
public Auth0AuthenticationFilter auth0Filter() {
Auth0AuthenticationFilter auth0Filter = new Auth0AuthenticationFilter();
auth0Filter.setEntryPoint(auth0EntryPoint());
return auth0Filter;
}
public Auth0AuthenticationEntryPoint auth0EntryPoint() {
Auth0AuthenticationEntryPoint auth0EntryPoint = new Auth0AuthenticationEntryPoint();
return auth0EntryPoint;
}
}
が、それは繰り返しの数十をしてきたと私はちょうどそれがあることが必要並んで何かを得ていないのです。現時点では、フィルタチェーンがすでに定義済みのBeanであると主張している問題を処理しているため、リクエストは処理されません。どんな助けやヒントも膨大なものになるでしょう。私はspring-security-4用のリファレンスブックを見つけられませんでした。だから、コードサンプルを一緒にまとめるつもりです。