post:完成Spring Security在Web MVC中的配置。
@@ -0,0 +1,100 @@
|
||||
@startuml spring-security-ExpressionUrlAuthorizationConfigurer
|
||||
skinparam Shadowing false
|
||||
skinparam class {
|
||||
BackgroundColor White
|
||||
}
|
||||
hide empty members
|
||||
|
||||
class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> {
|
||||
- ExpressionInterceptUrlRegistry REGISTRY
|
||||
- SecurityExpressionHandler<FilterInvocation> expressionHandler
|
||||
- void interceptUrl(Iterable<? extends RequestMatcher> matcher, Collection<ConfigAttibute> attributes)
|
||||
}
|
||||
|
||||
class ExpressionInterceptUrlRegistry {
|
||||
+ ExpressionInterceptUrlRegistry expressionHandler(SecurityExxpressionHandler<FilterInvocation> handler)
|
||||
+ ExpressionInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcessor<?> processor)
|
||||
+ H and()
|
||||
}
|
||||
|
||||
class MvcMatchersAuthorizedUrl {
|
||||
- MvcMatchersAuthorizeUrl(List<MvcRequestMatcher> requestMatchers)
|
||||
+ AuthorizedUrl servletPath(String path)
|
||||
}
|
||||
|
||||
class AuthorizedUrl {
|
||||
- List<? extends RequestMatchers> requestMatchers
|
||||
- boolean not
|
||||
+ AuthorizedUrl not()
|
||||
+ ExpressionInterceptUrlRegistry hasRole(String role)
|
||||
+ ExpressionInterceptUrlRegistry hasAnyRole(String... roles)
|
||||
+ ExpressionInterceptUrlRegistry hasAuthority(String authority)
|
||||
+ ExpressionInterceptUrlRegistry hasAnyAuthority(String... suthorities)
|
||||
+ ExpressionInterceptUrlRegistry hasIpAddress(String ipAddress)
|
||||
+ ExpressionInterceptUrlRegistry permitAll()
|
||||
+ ExpressionInterceptUrlRegistry anonymous()
|
||||
+ ExpressionInterceptUrlRegistry rememberMe()
|
||||
+ ExpressionInterceptUrlRegistry denyAll()
|
||||
+ ExpressionInterceptUrlRegistry authenticated()
|
||||
+ ExpressionInterceptUrlRegistry fullyAuthenticated()
|
||||
+ ExpressionInterceptUrlRegistry access(String attribute)
|
||||
}
|
||||
|
||||
abstract AbstractInterceptUrlConfigurer<C, H> {
|
||||
- Boolean filterSecurityInterceptorOncePerRequest
|
||||
- AccessDecisionManager accessDecisionManager
|
||||
+{abstract} FilterInvocationSecurityMetadataSource createMetadataSource(H http)
|
||||
}
|
||||
|
||||
abstract AbstractInterceptUrlRegistry<R extends AbstractInterceptUrlRegistry<R, T>, T> {
|
||||
+ R accessDecisionManager(AccessDecisionManager manager)
|
||||
+ R filterSecurityInterceptorOncePerRequest(boolean filter)
|
||||
}
|
||||
|
||||
interface RequestMatcher {
|
||||
+ boolean matches(HttpServletRequest request)
|
||||
+ MatchResult matcher(HttpServletRequest request)
|
||||
}
|
||||
|
||||
interface AccessDecisionManager {
|
||||
+ void decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes)
|
||||
+ boolean supports(ConfigAttribute attribute)
|
||||
+ boolean supports(Class<?> clazz)
|
||||
}
|
||||
|
||||
abstract AbstractConfigAttributeRequestMatcherRegistry<C> {
|
||||
- List<UrlMapping> urlMappings
|
||||
- List<RequestMatcher> unmappedMatcher
|
||||
+ void addMapping(UrlMapping mapping)
|
||||
#{abstract} C chainRequestMatchersInternal(List<RequestMatcher> matchers)
|
||||
+ void addMapping(int index, UrlMapping mapping)
|
||||
}
|
||||
|
||||
abstract AbstractRequestMatcherRegistry<C> {
|
||||
-{static} RequestMatcher ANY_REQUEST
|
||||
- ApplicationContext context
|
||||
- boolean anyRequestConfigured
|
||||
+ C anyRequest()
|
||||
+ C antMatchers(HttpMethod method)
|
||||
+ C antMetchers(HttpMethod method, String... pattern)
|
||||
+ C antMatchers(String... pattern)
|
||||
+{abstract} C mvcMatchers(String... pattern)
|
||||
+{abstract} C mvcMatchers(HttpMethod method, String... pattern)
|
||||
+ C regexMatchers(HttpMethod method, String... pattern)
|
||||
+ C regexMatchers(String... pattern)
|
||||
+ C dispatcherTypeMatchers(HttpMethod method, DispatcherType... types)
|
||||
+ C dispatcherTypeMatchers(DispatcherType... types)
|
||||
}
|
||||
|
||||
ExpressionUrlAuthorizationConfigurer +-- ExpressionInterceptUrlRegistry
|
||||
MvcMatchersAuthorizedUrl -+ ExpressionUrlAuthorizationConfigurer
|
||||
ExpressionUrlAuthorizationConfigurer +-- AuthorizedUrl
|
||||
AuthorizedUrl <|- MvcMatchersAuthorizedUrl
|
||||
ExpressionInterceptUrlRegistry --|> AbstractInterceptUrlRegistry
|
||||
AbstractInterceptUrlRegistry ---+ AbstractInterceptUrlConfigurer
|
||||
AuthorizedUrl *-- RequestMatcher
|
||||
AbstractInterceptUrlRegistry *- AccessDecisionManager
|
||||
AccessDecisionManager -* AbstractInterceptUrlConfigurer
|
||||
AbstractInterceptUrlRegistry --|> AbstractConfigAttributeRequestMatcherRegistry
|
||||
AbstractConfigAttributeRequestMatcherRegistry --|> AbstractRequestMatcherRegistry
|
||||
@enduml
|
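--- a/drawings/spring-security-authflow.puml
+++ b/drawings/spring-security-authflow.puml
@@ -0,0 +1,25 @@
+@startuml spring-security-authflow
+skinparam Shadowing false
+skinparam {
+ActivityBackgroundColor white
+ActivityDiamondBackgroundColor white
+}
+
+start
+:用户输入用户名及密码;
+:系统根据用户名查询用户;
+if (用户存在) then (是)
+:获取用户的详细信息;
+:将用户提供的密码与用户详细信息中的密码进行比对;
+if (密码比对成功) then (是)
+:生成用户Session信息;
+:将用户Session信息进行保存;
+:通知用户登录成功;
+else (否)
+:提示所提供的密码不正确;
+endif
+else (否)
+:提示所提供的用户不存在;
+endif
+stop
+@enduml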
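Review bot: The two failure branches of the activity diagram give the user different messages — `:提示所提供的密码不正确;` when the password mismatches and `:提示所提供的用户不存在;` when the lookup fails — which models an account-enumeration weakness, since the response reveals whether a username exists. Spring Security's default `DaoAuthenticationProvider` deliberately hides this difference (`hideUserNotFoundExceptions` is true by default, so a user-not-found is reported as bad credentials), so the diagram as drawn does not match what the framework does out of the box. I would collapse both branches to one generic message, e.g. `:提示用户名或密码不正确;` in place of each of the two lines above, and log the specific reason server-side instead. The comparison step `:将用户提供的密码与用户详细信息中的密码进行比对;` does not say whether the stored value is a hash; if this is meant to document the real flow, naming the `PasswordEncoder.matches` step would make it clear that no plaintext comparison is intended.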
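--- a/drawings/spring-security-httpsecurity.puml
+++ b/drawings/spring-security-httpsecurity.puml
@@ -0,0 +1,202 @@
+@startuml spring-security-httpsecurity
+skinparam Shadowing false
+skinparam class {
+BackgroundColor White
+}
+hide empty members
+
+class HttpSecurity {
+- RequestMatcherConfigurer requestMatcherConfigurer
+- List<OrderedFilter> filters
+- RequestMatcher requestMatcher
+- FilterOrderRegistration filterOrders
+- AuthenticationManager authenticationManager
+- ApplicationContext getContext()
++ HeadersConfigurer<HttpSecurity> headers()
++ CorsConfigurer<HttpSecurity> cors()
++ SessionManagementConfigurer<HttpSecurity> sessionManagement()
++ PortMapperConfigurer<HttpSecurity> portMapper()
++ JeeConfigurer<HttpSecurity> jee()
++ X509Configurer<HttpSecurity> x509()
++ RememberMeConfigurer<HttpSecurity> rememberMe()
++ ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
++ AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests()
++ RequestCacheConfigurer<HttpSecurity> requestCache()
++ ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling()
++ SecurityContextConfigurer<HttpSecurity> serurityContext()
++ ServletApiConfigurer<HttpSecurity> servletApi()
++ CsrfConfigurer<HttpSecurity> csrf()
++ LogoutConfigurer<HttpSecurity> logout()
++ AnonymousConfigurer<HttpSecurity> anonymous()
++ FormLoginConfigurer<HttpSecurity> formLogin()
++ Saml2LoginConfigurer<HttpSecurity> saml2Login()
++ OAuth2LoginConfigurer<HttpSecurity> oauth2Login()
++ OAuth2ClientConfigurer<HttpSecurity> oauth2Client()
++ OAuth2ResourceServerConfigurer<HttpSecurity> oauth2ResouceServer()
++ ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry requiresChannel()
++ HttpBasicConfigurer<HttpSecurity> httpBasic()
++ HttpSecurity passwordManagement(Customizer<PasswordManagementConfigurer<HttpSecurity>> customizer)
++ HttpSecurity authenticationManager(AuthenticationManager authenticationManager)
++ RequestMatcherConfigurer requestMatchers()
++ HttpSecurity antMatcher(String antPattern)
++ HttpSecurity mvcMatcher(String mvcPattern)
++ HttpSecurity regexMatcher(String pattern)
+}
+
+class MvcMatchersRequestMatcherConfigurer {
++ RequestMatcherConfigurer servletPath(String servletPath)
+}
+
+class RequestMatcherConfigurer {
+# List<RequestMatcher> matchers
++ HttpSecurity and()
+}
+
+abstract AbstractRequestMatcherRegistry<C> {
+-{static} RequestMatcher ANY_REQUEST
+- ApplicationContext context
+- boolean anyRequestConfigured
++ C anyRequest()
++ C antMathcers(HttpMethod method)
++ C antMatchers(HttpMethod method, String... antPatterns)
++ C antMatchers(String... antPattern)
++{abstract} C mvcMatchers(String... mvcPatterns)
++{abstract} C mvcMatchers(HttpMethod method, String... mvcPattern)
++ C regexMatchers(HttpMethod method, String... regexPatterns)
++ C regexMatchers(String... regexPatterns)
++ C dispatcherTypeMatchers(HttpMethod method, DispatcherType... dispatcherTypes)
++ C dispatcherTypeMatchers(DispatcherType... dispatcherTypes)
++ C requestMatchers(RequestMatcher... requestMatchers)
+#{abstract} C chainRequestMatchers(List<RequestMatchers> requestMatchers)
+}
+
+abstract AbstractHttpConfigurer<T, B> {
++ B disable()
++ T withObjectPostProcessor(ObjectPostProcessor<?> processor)
+}
+
+abstract SecurityConfigurerAdpter<O, B extends SecurityBuilder<O>> {
+- B securityBuilder
++ void configure(B builder)
++ B and()
++ void addObjectPostProcessor(ObjectPostProcessor<?> processor)
+}
+
+interface SecurityConfigurer<O, B extends SecurityBuilder<O>> {
++ void init(B builder)
++ void configure(B builder)
+}
+
+class HeadersConfigurer<H extends HttpSecurityBuilder<H>> {
++ HeadersConfigurer<H> addHeaderWriter(HeaderWriter headerWriter)
++ ContentTypeOptionsConfig contentTypeOptions()
++ XXssConfig xssProtection()
++ CacheControlConfig cacheControl()
++ HstsConfig httpStrictTransportSecurity()
++ FrameOptionsConfig frameOptions()
++ HpkpConfig httpPublicKeyPinning()
++ ContentSecurityPolicyConfig contentSecurityPolicy()
++ HeadersConfigurer<H> defaultDisabled()
++ ReferrerPolicyConfig referrerPolicy()
++ ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy)
++ PermissionPolicyConfig permissionPolicy()
+}
+
+class CorsConfigurer<H extends HttpSecurityBuilder<H>> {
++ CorsConfigurer<H> configurationSource(CorsConfigurationSource source)
+}
+
+class CsrfConfigurer<H extends HttpSecurityBuilder<H>> {
++ CsrfConfigurer<H> csrfTokenRepository(CsrfTokenRepository repo)
++ CsrfConfigurer<H> requireCsrfProtectionMatcher(RequestMatcher matcher)
++ CsrfConfigurer<H> ignoringAntMatcher(String... patterns)
++ CsrfConfigurer<H> ignoringRequestMatchers(RequestMatcher... matchers)
++ CsrfConfigurer<H> sessionAuthenticationStrategy(SessionAuthenticationStrategy strategy)
+}
+
+class AnonymousConfigurer<H extends HttpSecurityBuilder<H>> {
++ AnonymousConfigurer<H> key(String key)
++ AnonymousConfigurer<H> principal(Object principal)
++ AnonymousConfigurer<H> authorities(List<GrantedAuthority> authorities)
++ AnonymousConfigurer<H> authorities(String... authorities)
++ AnonymousConfigurer<H> authenticationProvider(AuthenticationProvider provider)
++ AnonymousConfigurer<H> authenticationFilter(AnonymousAuthenticationFilter filter)
+}
+
+class LogoutConfigurer<H extends HttpSecurityBuilder<H>> {
++ LogoutConfigurer<H> addLogoutHandler(LogoutHandler handler)
++ LogoutConfigurer<H> clearAuthentication(boolean clearAuthentication)
++ LogoutConfigurer<H> invalidateHttpSession(boolean invalidate)
++ LogoutConfigurer<H> logoutUrl(String url)
++ LogoutConfigurer<H> logoutRequestMatcher(RequestMatcher matcher)
++ LogoutConfigurer<H> logoutSuccessUrl(String url)
++ LogoutConfigurer<H> permitAll()
++ LogoutConfigurer<H> deleteCookies(String... names)
++ LogoutConfigurer<H> logoutSuccessHandler(LogoutSuccessHandler handler)
++ LogoutConfigurer<H> defaultLogoutSuccessHandlerFor(logoutSuccessHandler handler, RequestMatcher matcher)
++ LogoutConfigurer<H> permitAll(boolean permitAll)
+}
+
+class RememberMeConfigurer<H extends HttpSecurityBuilder<H>> {
++ RememberMeConfigurer<H> tokenValidatySeconds(int sec)
++ RememberMeConfigurer<H> useSecureCookie(boolean secured)
++ RememberMeConfigurer<H> useDetailsService(UserDetailsService service)
++ RememberMeConfigurer<H> toeknRepository(PersistentToeknRepository repo)
++ RememberMeConfigurer<H> key(String key)
++ RememberMeConfigurer<H> rememberMeParameter(String param)
++ RememberMeConfigurer<H> rememberMeCookieName(String name)
++ RememberMeConfigurer<H> rememberMeCookieDomain(String domain)
++ RememberMeConfigurer<H> authenticationSuccessHandler(AuthenticationSuccessHandler handler)
++ RememberMeConfigurer<H> rememberMeServices(RememberMeServices service)
++ RememberMeConfigurer<H> alwaysRemember(boolea always)
+}
+
+class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> {
++ FormLoginConfigurer<H> loginPage(String loginPage)
++ FormLoginConfigurer<H> usernameParameter(String param)
++ FormLoginConfigurer<H> passwordParameter(String param)
++ FormLoginConfigurer<H> failureForwardUrl(String url)
++ FormLoginConfigurer<H> successForwardUrl(String url)
+}
+
+class HttpBasicConfigurer<H extends HttpSecurityBuilder<H>> {
++ HttpBasicConfigurer<H> realmName(String name)
++ HttpBasicConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint entryPoint)
++ HttpBasicConfigurer<H> authenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> source)
+}
+
+class ExceptionHandlingConfigurer<H extends HttpSecurityBuilder<H>> {
++ ExceptionHandlingConfigurer<H> accessDeniedPage(String url)
++ ExceptionHandlingConfigurer<H> accessDeniedHandler(AccessDeniedHandler handler)
++ ExceptionHandlingConfigurer<H> defaultAccessDeniedHandlerFor(AccessDeniedHandler handler, RequestMatcher matcher)
++ ExceptionHandlingConfigurer<H> authenticationEntryPoint(AuthenticationEntryPoint entryPoint)
++ ExceptionHandlingConfigurer<H> defaultAuthenticationEntryPointFor(AuthenticationEntryPoint entryPoint, RequestMatcher matcher)
+}
+
+MvcMatchersRequestMatcherConfigurer --|> RequestMatcherConfigurer
+MvcMatchersRequestMatcherConfigurer --+ HttpSecurity
+RequestMatcherConfigurer --+ HttpSecurity
+AbstractRequestMatcherRegistry <|. RequestMatcherConfigurer
+SecurityConfigurerAdpter --|> SecurityConfigurer
+AbstractHttpConfigurer ..|>SecurityConfigurerAdpter
+
+HeadersConfigurer -* HttpSecurity
+CorsConfigurer --* HttpSecurity
+HttpSecurity *-- CsrfConfigurer
+HttpSecurity *-- AnonymousConfigurer
+HttpSecurity *-- LogoutConfigurer
+HttpSecurity *-- RememberMeConfigurer
+HttpSecurity *-- FormLoginConfigurer
+HttpSecurity *- HttpBasicConfigurer
+HttpSecurity *- ExceptionHandlingConfigurer
+
+HeadersConfigurer --|> AbstractHttpConfigurer
+CorsConfigurer ----|> AbstractHttpConfigurer
+AbstractHttpConfigurer <|- CsrfConfigurer
+AnonymousConfigurer --|> AbstractHttpConfigurer
+LogoutConfigurer -|> AbstractHttpConfigurer
+RememberMeConfigurer --|> AbstractHttpConfigurer
+FormLoginConfigurer --|> AbstractHttpConfigurer
+HttpBasicConfigurer ----|> AbstractHttpConfigurer
+ExceptionHandlingConfigurer --|> AbstractHttpConfigurer
+@enduml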
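Review bot: Several member and type names in this class diagram are misspelled relative to the real Spring Security API, so anyone using the drawing as a reference for the `HttpSecurity` DSL will look up names that do not exist: `serurityContext()` should be `securityContext()`, `oauth2ResouceServer()` should be `oauth2ResourceServer()`, `antMathcers(HttpMethod method)` should be `antMatchers(...)`, `SecurityConfigurerAdpter` (declared and used in both relationship lines at the bottom) should be `SecurityConfigurerAdapter`, and `List<RequestMatchers>` in `chainRequestMatchers` should be `List<RequestMatcher>`. In `RememberMeConfigurer` the same applies to `tokenValidatySeconds` → `tokenValiditySeconds`, `useDetailsService` → `userDetailsService`, `toeknRepository(PersistentToeknRepository repo)` → `tokenRepository(PersistentTokenRepository repo)` and `boolea always` → `boolean always`; in `LogoutConfigurer` the parameter type `logoutSuccessHandler handler` should be `LogoutSuccessHandler handler`, and in `CsrfConfigurer` the framework method is `ignoringAntMatchers(String... patterns)`. The `ExpressionUrlAuthorizationConfigurer` diagram earlier in this commit has the same problem (`SecurityExxpressionHandler`, `ConfigAttibute`, `antMetchers`, `suthorities`); since these are `.puml` sources, a quick pass against the framework's Javadoc before rendering would catch all of them.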