转载

springboot2升级笔记

springboot2终于发布，我尝试从1.5.10升级到2.0.0版本。和预期的一样，出现了各种各样的小问题。

1.一些配置项在2.0版本被删除掉了，比如server.context-path ,security.ignored被移除掉了。

server.context-path 使用新的server.servlet.context-path

security.ignored直接移除。springboot不再提供默认配置。必须在代码中配置：

@Value("${security.ignored:/css/**, /js/**,/images/**, /webjars/**, /**/favicon.ico,/Hplus4.1/**,/assets/**}")
    String[] antPatterns;

    //Spring Boot configured this already.
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers(antPatterns);
//        web.ignoring().requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }

2.springboot2的默认的JDK版本为1.8，还在使用1.6的同学就要先升级JDK啦。里面很多代码都使用lambda表达式。使用thymeleaf3.0版本，spring security升级到5.0.3.

3.spring security升级到5.0.3后碰到的一些问题，默认PasswordEncoder不再需要salt，原有的PasswordEncoder被彻底从源码中删除。默认的实现是PasswordEncoderFactories生成的DelegatingPasswordEncoder，如果使用默认的DelegatingPasswordEncoder，密码配置格式为 {加密方式}加密后的密文

/**
 * Used for creating {@link PasswordEncoder} instances
 * @author Rob Winch
 * @since 5.0
 */
public class PasswordEncoderFactories {

	/**
	 * Creates a {@link DelegatingPasswordEncoder} with default mappings. Additional
	 * mappings may be added and the encoding will be updated to conform with best
	 * practices. However, due to the nature of {@link DelegatingPasswordEncoder} the
	 * updates should not impact users. The mappings current are:
	 *
	 * <ul>
	 * <li>bcrypt - {@link BCryptPasswordEncoder} (Also used for encoding)</li>
	 * <li>ldap - {@link LdapShaPasswordEncoder}</li>
	 * <li>MD4 - {@link Md4PasswordEncoder}</li>
	 * <li>MD5 - {@code new MessageDigestPasswordEncoder("MD5")}</li>
	 * <li>noop - {@link NoOpPasswordEncoder}</li>
	 * <li>pbkdf2 - {@link Pbkdf2PasswordEncoder}</li>
	 * <li>scrypt - {@link SCryptPasswordEncoder}</li>
	 * <li>SHA-1 - {@code new MessageDigestPasswordEncoder("SHA-1")}</li>
	 * <li>SHA-256 - {@code new MessageDigestPasswordEncoder("SHA-256")}</li>
	 * <li>sha256 - {@link StandardPasswordEncoder}</li>
	 * </ul>
	 *
	 * @return the {@link PasswordEncoder} to use
	 */
	public static PasswordEncoder createDelegatingPasswordEncoder() {
		String encodingId = "bcrypt";
		Map<String, PasswordEncoder> encoders = new HashMap<>();
		encoders.put(encodingId, new BCryptPasswordEncoder());
		encoders.put("ldap", new LdapShaPasswordEncoder());
		encoders.put("MD4", new Md4PasswordEncoder());
		encoders.put("MD5", new MessageDigestPasswordEncoder("MD5"));
		encoders.put("noop", NoOpPasswordEncoder.getInstance());
		encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
		encoders.put("scrypt", new SCryptPasswordEncoder());
		encoders.put("SHA-1", new MessageDigestPasswordEncoder("SHA-1"));
		encoders.put("SHA-256", new MessageDigestPasswordEncoder("SHA-256"));
		encoders.put("sha256", new StandardPasswordEncoder());

		return new DelegatingPasswordEncoder(encodingId, encoders);
	}

	private PasswordEncoderFactories() {}
}

注释掉的部分是升级为2.0后，需要更改的密码样式，如果不想更改密码就指定PasswordEncoder实现类。

@Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
      /*  auth.inMemoryAuthentication()
                .withUser("user").password("{noop}password").roles("USER")
                .and()
                .withUser("admin").password("{noop}password").roles("ADMIN")
                .and()
                .withUser("test").password("{noop}password").roles("ADMIN");*/

        auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("ADMIN")
                .and()
                .withUser("test").password("password").roles("ADMIN");

        auth.authenticationProvider(new UserSignAuthenticationProvider());
    }

4需要显式指定spring-security-oauth和spring-session依赖版本。springboot2可能还没有做好对这两个组件的测试

<spring-security-jwt.version>1.0.9.RELEASE</spring-security-jwt.version>
        <spring-security-oauth.version>2.2.1.RELEASE</spring-security-oauth.version>
        <spring-session.version>1.3.1.RELEASE</spring-session.version>

springboot2.0分支：https://gitee.com/json20080301/spring-boot-spring-security-thymeleaf/tree/master/

原有的1.5.10在另外一个分支上：https://gitee.com/json20080301/spring-boot-spring-security-thymeleaf/tree/1.5.10/

原文 http://blog.csdn.net/json20080301/article/details/79429953

正文到此结束