@EnableWebSecurity 和@EnableWebMvcSecurity 有什么区别?
What is the difference between @EnableWebSecurity and @EnableWebMvcSecurity?
@EnableWebSecurity
JavaDoc 文档:
Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding individual methods.
@EnableWebMvcSecurity
JavaDoc 文档:
Add this annotation to an @Configuration class to have the Spring Security configuration integrate with Spring MVC.
- “与 Spring MVC 集成”到底是什么意思?我得到了哪些额外的行为?
- 我发现了guides & answers,这表明这个注释将
CSRF Tokens添加到Spring MVC表单,这是它唯一添加的吗?
如果你看一下那些 类,@EnableWebMvcSecurity 实际上在 WebMvcSecurityConfiguration 中添加了 @EnableWebSecurity 注释。因此,@EnableWebMvcSecurity 完成了 @EnableWebSecurity 所做的一切,甚至更多。
你还问什么?
如果您查看 WebMvcSecurityConfiguration,您会看到它添加了一个 AuthenticationPrincipalArgumentResolver,以便您可以通过向控制器方法参数添加注释来访问身份验证主体。即:
public String show(@AuthenticationPrincipal CustomUser customUser) {
// do something with CustomUser
return "view";
}
它还与 Spring Web MVC 集成以向表单添加 CSRF 令牌。
As of Spring Security 4.0, @EnableWebMvcSecurity is deprecated. The replacement is
@EnableWebSecurity which will determine adding the Spring MVC features
based upon the classpath.
To enable Spring Security integration with Spring MVC add the
@EnableWebSecurity annotation to your configuration.
@EnableWebSecurity
JavaDoc 文档:
Add this annotation to an
@Configurationclass to have theSpring Securityconfiguration defined in anyWebSecurityConfigureror more likely by extending theWebSecurityConfigurerAdapterbase class and overriding individual methods.
@EnableWebMvcSecurity
JavaDoc 文档:
Add this annotation to an
@Configurationclass to have theSpring Securityconfiguration integrate withSpring MVC.
- “与 Spring MVC 集成”到底是什么意思?我得到了哪些额外的行为?
- 我发现了guides & answers,这表明这个注释将
CSRF Tokens添加到Spring MVC表单,这是它唯一添加的吗?
如果你看一下那些 类,@EnableWebMvcSecurity 实际上在 WebMvcSecurityConfiguration 中添加了 @EnableWebSecurity 注释。因此,@EnableWebMvcSecurity 完成了 @EnableWebSecurity 所做的一切,甚至更多。
你还问什么?
如果您查看 WebMvcSecurityConfiguration,您会看到它添加了一个 AuthenticationPrincipalArgumentResolver,以便您可以通过向控制器方法参数添加注释来访问身份验证主体。即:
public String show(@AuthenticationPrincipal CustomUser customUser) {
// do something with CustomUser
return "view";
}
它还与 Spring Web MVC 集成以向表单添加 CSRF 令牌。
As of Spring Security 4.0,
@EnableWebMvcSecurityis deprecated. The replacement is@EnableWebSecuritywhich will determine adding the Spring MVC features based upon the classpath.To enable Spring Security integration with Spring MVC add the
@EnableWebSecurityannotation to your configuration.