Please vote for me on the Nuggets APP
1. Introduction
In the last article, we analyzed the details of AuthenticationManager initialization, and there was a piece of code that caught the attention of many students:
ApplicationContext context = http.getSharedObject(ApplicationContext.class);
CaptchaAuthenticationProvider captchaAuthenticationProvider = context.getBean("captchaAuthenticationProvider", CaptchaAuthenticationProvider.class);
Copy the codeHow does Spring’s ApplicationContext object, ApplicationContext, get from the HttpSecurity object? What is SharedObject? Let’s find out today.
2. SharedObject
In Spring Security, SharedObject is neither an object nor an interface, but rather a general term for a class of “shareable” objects.
As the name implies, SharedObject means shareable object. What it does is if you have objects that you want to share in different scope configurations you make them SharedObject, kind of like distributed objects. To make things easier for you, here’s the architecture:
AbstractConfiguredSecurityBuilder or HttpSecurityBuilder implementation class to have the ability to operate the SharedObject. One way is to register SharedObject, and the other way is to get SharedObject.
The SharedObject registered
SharedObject is stored with its Class type as Key and instance as Value in a HashMap
,Object>, see HttpSecurity source code. Its registration is divided into two parts, the first is assembled when HttpSecurity is initialized. Let’s take a look:
We know AuthenticationManagerBuilder be Shared here.
Another part is registered when all the HttpSecurityBuilder objects are initialized. It is initialized and configured by SecurityConfigurer:
public interface SecurityConfigurer<O.B extends SecurityBuilder<O>> {
void init(B builder) throws Exception;
void configure(B builder) throws Exception;
}
Copy the codeThe above two methods are used to initialize and configure the HttpSecurityBuilder, respectively. Such as we know WebSecurityConfigurerAdapter is used to configure HttpSecurity, in its init method, we can find the related code:
privateMap<Class<? >, Object> createSharedObjects() { Map<Class<? >, Object> sharedObjects =new HashMap<>();
sharedObjects.putAll(localConfigureAuthenticationBldr.getSharedObjects());
sharedObjects.put(UserDetailsService.class, userDetailsService());
sharedObjects.put(ApplicationContext.class, context);
sharedObjects.put(ContentNegotiationStrategy.class, contentNegotiationStrategy);
sharedObjects.put(AuthenticationTrustResolver.class, trustResolver);
return sharedObjects;
}
Copy the codeThis is why I can get the ApplicationContext at the beginning of this article.
Getting and using SharedObject
What classes can we get that are marked SharedObject? SecurityConfigurer has a number of implementations that configure specific authentication and authorization-related functions. For example, OAuth2ClientConfigurer is used to configure the OAuth2 client, which sets some commonly used objects to SharedObject:
public OAuth2ClientConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
this.getBuilder().setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
return this;
}
Copy the codeWhen you need to use in other parts of the HttpSecurity configuration of ClientRegistrationRepository, you can directly through the getSharedObject available, just like the beginning, some methods to obtain without having to worry about.
3. Summary
SharedObject is a very useful feature provided by Spring Security. If you need to reuse an object in different places, you can register it as SharedObject, or even inject it directly into Spring IoC. This feature simplifies configuration, improves code readability, and lays the foundation for Spring Security’s DSL features. Well today’s share here, I am: code farmers xiao Pangge, pay more attention to get more practical programming dry goods.