Spring Security 的 Java Config Preview（Java 配置预览）是 Spring Security 3.2 引入的重要特性

Spring Security 的 Java Config PreviewJava 配置预览是 Spring Security 3.2 引入的重要特性标志着从传统的 XML 配置向纯 Java 类配置基于Configuration和EnableWebSecurity的全面过渡。它通过注解驱动的方式简化安全配置提升类型安全性、IDE 支持和可测试性。核心组件包括EnableWebSecurity启用 Spring Security Web 安全支持WebSecurityConfigurerAdapter已自 Spring Security 5.7 起弃用推荐直接实现SecurityFilterChainBeanSecurityFilterChain现代方式通过Bean定义过滤器链明确配置 HTTP 安全规则如authorizeHttpRequests()、formLogin()、csrf()等UserDetailsService、PasswordEncoder等策略接口的灵活定制。示例Spring Security 6 推荐写法ConfigurationEnableMethodSecuritypublicclassSecurityConfig{BeanpublicSecurityFilterChainfilterChain(HttpSecurityhttp)throwsException{http.authorizeHttpRequests(authz-authz.requestMatchers(/public/**).permitAll().requestMatchers(/admin/**).hasRole(ADMIN).anyRequest().authenticated()).formLogin(withDefaults()).logout(withDefaults());returnhttp.build();}BeanpublicPasswordEncoderpasswordEncoder(){returnnewBCryptPasswordEncoder();}}该预览版为后续 Spring Security 4.0 的零 XML、函数式 DSL 配置奠定了基础显著提升了开发体验与配置可维护性。Spring Security Java Config Preview: IntroductionYesterday I announced the release of Spring Security Java Configuration support and the release of Spring Security 3.2.0.M2 which contains Java Configuration support.Spring Security’s Java Configuration support is intended to provide a complete replacement of the XML namespace configuration. It is also designed to be extensible, so that Spring Security’s extension projects can work nicely with the Java Configuration support.In this first post of a five part Spring Security Java Configuration blog series, I discuss the logistics of the Spring Security Java Configuration project.“Required Versions”Regardless of how you decide to integrate with Spring Security, it is important to ensure you are using Spring 3.2.3.RELEASE to ensure that you avoid SPR-10546.AvailabilityBefore we get started, I’d like to talk about the two modules that Spring Security’s Java Configuration can be found.Availability in Spring Security 3.2.0.M2Spring Security Java Configuration has been copied into the Spring Security 3.2.0.M2 code base. This means if you are using Spring Security 3.2.0.M2 you should ensure to have the spring-security-config jar on your classpath. For example, you might have the following entries in your Maven pom.xml:org.springframework.security spring-security-config 3.2.0.M2 … repository.springsource.milestone SpringSource Milestone Repository http://repo.springsource.org/milestone“Future Availability”Currently there are no plans to provide any updates to spring-security-javaconfig. Instead, users will be encouraged to update to Spring Security 3.2 when it is released.Availability for Spring Security 3.1.4.RELEASEIn order to encourage users to try Spring Security Java Configuration, it is also available as a standalone module called spring-security-javaconfig. For example, you might have the following entries in your Maven pom.xml:org.springframework.security spring-security-javaconfig 1.0.0.M1 … repository.springsource.milestone SpringSource Milestone Repository http://repo.springsource.org/milestoneSpringOne2GX 2013Want to learn more about Spring Security 3.2 release? Register for SpringOne2GX 2013, September 9-12 in Santa Clara, California where I will be discussing Spring Security 3.2 in more detail! There conference will have tons of great sessions to quickly catch you up with everything that is happening in the Spring, Groovy, and Grails communities! Don’t forget to register by Aug 9th to save Want to learn more about Spring Security 3.2 release? Register for SpringOne2GX 2013, September 9-12 in Santa Clara, California where I will be discussing Spring Security 3.2 in more detail! There conference will have tons of great sessions to quickly catch you up with everything that is happening in the Spring, Groovy, and Grails communities! Don’t forget to register by Aug 9th to save $200 with the Early discount!00 with the Early discount!Feedback PleaseIf you encounter a bug, have an idea for improvement, etc please do not hesitate to bring it up! We want to hear your thoughts so we can ensure we get it right before the code is generally available. Trying out new features early is a good and simple way to give back to the community. This also ensures that the features you want are present and working as you think they should.Please log any issues or feature requests to the Spring Security JIRA under the category “Java Config”. After logging a JIRA, we encourage (but do not require) you to submit your changes in a pull request. You can read more about how to do this in the Contributor GuidelinesIf you have questions on how to do something, please use the Spring Security forums or Stack Overflow with the tag spring-security (I will be monitoring them closely). If you have specific comments questions about this blog, feel free to leave a comment. Using the appropriate tools will help make it easier for everyone.ConclusionYou should now have a clear idea of why Spring Security Java Configuration exists it multiple places, where you will find updates, and where to log issues to. In the next post, we will walk through using Spring Security Java configuration in a web application.comments powered by Disqus