Spring Security对HTTP认证的集成

package com.zcw.demospringsecurity.demo15;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;

/**
 * @ClassName : WebSecurityConfig
 * @Description : SpringSecurity对HTTP的认证集成
 * @Author : Zhaocunwei
 * @Date: 2020-04-13 13:16
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DigestAuthenticationEntryPoint myDigestEntryPoint;
    @Autowired
    private UserDetailsService userDetailsService;
    /**
     * DigestAuthenticationEntryPoint用于配置HTTP摘要认证部分允许自定义的数据
     */
    @Bean
    public DigestAuthenticationEntryPoint digestEntryPoint(){
        DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint();
        digestAuthenticationEntryPoint.setKey("https://gihub.com");
        digestAuthenticationEntryPoint.setRealmName("SpringSecurity");
        digestAuthenticationEntryPoint.setNonceValiditySeconds(500);
        return digestAuthenticationEntryPoint;
    }
    //过滤器指定了DigestAuthenticationEntryPoint和UserDetailsService，
    /**
     * 这里的UserDetailsService是必须要指定的，SpringSecurity不会主动注入
     */
    public DigestAuthenticationFilter digestAuthenticationFIlter(){
        DigestAuthenticationFilter digestAuthenticationFIlter = new DigestAuthenticationFilter();
        digestAuthenticationFIlter.setAuthenticationEntryPoint(myDigestEntryPoint);
        digestAuthenticationFIlter.setUserDetailsService(userDetailsService);
        return digestAuthenticationFIlter;
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception{
        httpSecurity.authorizeRequests()
                .antMatchers("/adim")
                .hasAuthority("ROLE_ADMIN")
                .antMatchers("/user")
                .hasRole("USER")
                .antMatchers("/app")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .csrf()
                .disable()
                //当未经认证就访问受保护资源时，会被该认证入口点处理
                .exceptionHandling()
                .authenticationEntryPoint(myDigestEntryPoint)
                .and()
                //把自定义过滤器加到过滤器链中
                .addFilter(digestAuthenticationFIlter());
    }

}