Spring Security 6, as the latest version, introduces many new features and improvements, such as support for Spring Framework 6, new default password encoder, simpler configuration methods, etc.
springsecurity6 configuration custom path authentication .anyRequest().authenticated() replace with
.anyRequest().access(new CustomAuthorizationManager(myService))
CustomAuthorizationManager
package ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
public class CustomAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
private final MyService myService;
public CustomAuthorizationManager(MyService myService) {
= myService;
}
@Override
public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
HttpServletRequest request = ();
Authentication auth = ();
if (auth == null) {
return new AuthorizationDecision(false);
}
return new AuthorizationDecision((request, auth));
}
}
MyService
package ;
import ;
import ;
public interface MyService {
boolean hasPermission(HttpServletRequest request, Authentication authentication);
}
MyServiceImpl
package ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
@Service
public class MyserviceImpl implements MyService {
@Override
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
Object obj = ();
if (obj instanceof UserDetails) {
UserDetails userDetails = (UserDetails) obj;
Collection<? extends GrantedAuthority> authorities = ();
boolean contains = (new SimpleGrantedAuthority(()));
return contains;
}
return false;
}
}
package ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
import ;
@EnableWebSecurity
@Configuration
public class SecurityConfig{
@Autowired
private MyAccessDeniedHandler myAccessDeniedHandler;
// @Autowired
// private MyAuthenticationFailureHandler myAuthenticationFailureHandler;
private final MyService myService;
public SecurityConfig(MyService myService) {
= myService;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.formLogin(formLogin -> ("/")
.loginProcessingUrl("/login")
//.successForwardUrl("/toMain")
.successHandler(new MyAuthenticationSuccessHandler("/"))
.failureUrl("/toError")
//.failureHandler(new MyAuthenticationFailureHandler("/"))
)
.authorizeHttpRequests(auth -> ("/toError","/","/").permitAll()
//Certification is required to access, it is a security certification. Not JWT's authentication login access
.requestMatchers("/js/**","/css/**","/img/**").permitAll()
.requestMatchers("")
.access(new WebExpressionAuthorizationManager("isAuthenticated() and hasIpAddress('192.168.10.6')"))
//Other paths require identity authentication// .anyRequest().authenticated()
.anyRequest().access(new CustomAuthorizationManager(myService))
)
.csrf(httpSecurityCsrfConfigurer -> ())
// Build and return a secure filter chain .build();
}
}This is the end of this article about the implementation of springsecurity6 configuration custom path identity authentication. For more related springsecurity6 custom path identity authentication content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!