@Retention(RetentionPolicy.RUNTIME)@Target(ElementType.TYPE)@Documented@Import({WebSecurityConfiguration.class,SpringWebMvcImportSelector.class,OAuth2ImportSelector.class,HttpSecurityConfiguration.class})@EnableGlobalAuthentication@Configurationpublic@interfaceEnableWebSecurity{/**
* Controls debugging support for Spring Security. Default is false.
* @return if true, enables debug support with Spring Security
*/booleandebug()defaultfalse;}
4.2、主要作用
导入WebSecurityConfiguration
导入HttpSecurityConfiguration
5、WebSecurityConfiguration
5.1、部分源码
@Configuration(proxyBeanMethods =false)publicclassWebSecurityConfigurationimplementsImportAware,BeanClassLoaderAware{@Bean(name =AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME)publicFilterspringSecurityFilterChain()throwsException{boolean hasConfigurers =this.webSecurityConfigurers !=null&&!this.webSecurityConfigurers.isEmpty();boolean hasFilterChain =!this.securityFilterChains.isEmpty();Assert.state(!(hasConfigurers && hasFilterChain),"Found WebSecurityConfigurerAdapter as well as SecurityFilterChain. Please select just one.");if(!hasConfigurers &&!hasFilterChain){WebSecurityConfigurerAdapter adapter =this.objectObjectPostProcessor
.postProcess(newWebSecurityConfigurerAdapter(){});this.webSecurity.apply(adapter);}for(SecurityFilterChain securityFilterChain :this.securityFilterChains){this.webSecurity.addSecurityFilterChainBuilder(()-> securityFilterChain);for(Filter filter : securityFilterChain.getFilters()){if(filter instanceofFilterSecurityInterceptor){this.webSecurity.securityInterceptor((FilterSecurityInterceptor) filter);break;}}}for(WebSecurityCustomizer customizer :this.webSecurityCustomizers){
customizer.customize(this.webSecurity);}returnthis.webSecurity.build();}}
@AutoConfiguration@ConditionalOnClass(AuthenticationManager.class)@ConditionalOnBean(ObjectPostProcessor.class)@ConditionalOnMissingBean(
value ={AuthenticationManager.class,AuthenticationProvider.class,UserDetailsService.class,AuthenticationManagerResolver.class},
type ={"org.springframework.security.oauth2.jwt.JwtDecoder","org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector","org.springframework.security.oauth2.client.registration.ClientRegistrationRepository","org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository"})publicclassUserDetailsServiceAutoConfiguration{@Bean@LazypublicInMemoryUserDetailsManagerinMemoryUserDetailsManager(SecurityProperties properties,ObjectProvider<PasswordEncoder> passwordEncoder){SecurityProperties.User user = properties.getUser();List<String> roles = user.getRoles();returnnewInMemoryUserDetailsManager(User.withUsername(user.getName()).password(getOrDeducePassword(user, passwordEncoder.getIfAvailable())).roles(StringUtils.toStringArray(roles)).build());}privateStringgetOrDeducePassword(SecurityProperties.User user,PasswordEncoder encoder){String password = user.getPassword();if(user.isPasswordGenerated()){
logger.warn(String.format("%n%nUsing generated security password: %s%n%nThis generated password is for development use only. "+"Your security configuration must be updated before running your application in "+"production.%n",
user.getPassword()));}if(encoder !=null|| PASSWORD_ALGORITHM_PATTERN.matcher(password).matches()){return password;}return NOOP_PASSWORD_PREFIX + password;}