前言:优先级高于ResourceServerConfigurer,用于保护oauth相关的endpoints,同时主要作用于用户的登录(form login,Basic auth)
WebSecurityConfigurerAdapter是默认情况下Spring security的http配置;ResourceServerConfigurerAdapter是默认情况下spring security oauth 的http配置。
下面贴出部分源码:WebSecurityConfigurerAdapter类
@order(100)public abstract class WebSecurityConfigurerAdapter implements WebSecurityConfigurer<WebSecurity> { ?????????protected void configure(AuthenticationManagerBuilder auth) throws Exception { ?????????????????...... ?????} ?????????protected void configure(WebSecurity web) throws Exception { ?????????????????...... ???} ???????????protected void configure(HttpSecurity http) throws Exception { ????????????????........ ?????} }ResourceServerConfigurerAdapter源码:
在ResourceServerProperties中,定义了他的order默认值为SecurityProperties.ACCESS_OVERRIDE_ORDER -1;是大于100的,也就是WebSecurityConfigurerAdapter的配置拦截要优先于ResourceServerConfigurerAdapter,优先级高的http配置是可以覆盖优先级低的配置的。
如果在一些特定的情况下需要ResourceServerConfigurerAdapter要高于WebSecurityConfigurerAdapter需要在配置文件中添加:
security.oauth2.resource.filter-order=99
或者是重写WebSecurityConfigurerAdapter的order配置:
@Configuration@EbableWebSecurity@order(SecurityProperties.ACCESS_OVERRIDE_ORDER)public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter{ ???????..... ?}
关于WebSecurityConfigurerAdapter和ResourceServerConfigurerAdapter源码分析
原文地址:https://www.cnblogs.com/hengzhou/p/9441835.html