java-@Value中的SpEL重构(加密属性)

我有一个Spring Security配置,必须使用加密的属性.我有实用程序静态方法PasswordUtil.decode(),通过它可以解码属性以进一步使用.

以下解决方案有效,但是特定的SpEL在我看来很难看.因此,我的问题是：是否可以将给定的SpEL表达式重构为更好/更短/更惯用的东西？

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Value("#{T(my.package.PasswordUtil).decode('${signkey.password}')}")
    private String signKeyPassword;

}

解决方法:

您可以注册一个自定义SpEL解析器功能as you can see in the Reference Documentation.这意味着您可以创建一个自定义SpEL关键字,该关键字将在您的自定义代码中解析,也支持输入.

换句话说,您将能够编写而不是：

@Value("#{T(my.package.PasswordUtil).decode('${signkey.password}')}")
private String signKeyPassword;

您的自定义SpEL关键字为mydecode的以下代码：

@Value("#{ #mydecode( '${signkey.password}' ) }")
String signKeyPassword;

此选项：1)大大减少了SpEL字符串文字,2)使您有机会选择一个在您的域中有意义的名称,以及3)因为它本质上是一种方法调用,可以与不同@Value中的不同输入重用SpEL注射.

下面是一个工作示例.请注意,它不是特定于Spring Security的(不使用它)也不是特定于Spring Boot的(使用它)：

POM文件

从Spring Initializr自动生成,没有添加任何组件.

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>demo</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.9.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>


</project>

主类DemoApplication：

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;


@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {

    SecurityConfiguration securityConfiguration = SpringApplication.run(DemoApplication.class, args).getBean(SecurityConfiguration.class);

        System.out.println(securityConfiguration.getSignKeyPassword());
    }

    @Bean
    MyCustomSpELFunctionRegister customSpelFunctionProvider() {
        return new MyCustomSpELFunctionRegister();
    }
}

SecurityConfiguration：

如前所述,Spring Security不可知.它使用自定义SpEL关键字解析程序.

package com.example.demo;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;

@Configuration
public class SecurityConfiguration {

    @Value("#{ #mydecode( '${signkey.password}' ) }")
    String signKeyPassword;

    public String getSignKeyPassword() {
        return signKeyPassword;
    }
}

MyCustomSpELDecoderFunction

在该类中,您将隐藏可完成工作的Utils静态方法

package com.example.demo;

public abstract class MyCustomSpELDecoderFunction {

    //needs to be public
    //alternative use interface with defined static method
    public static String mydecode(String encrypted) {
        return "myutils decrypt";
    }
}

MyCustomSpELFunctionRegister类

这是将您的自定义SpEL关键字连接到Utils类的粘合代码.它实现BeanFactoryPostProcessor在创建任何bean之前执行注册,从而停止@Value注入.

package com.example.demo;

import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.expression.StandardBeanExpressionResolver;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class MyCustomSpELFunctionRegister implements BeanFactoryPostProcessor {

    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {

        beanFactory.setBeanExpressionResolver(new StandardBeanExpressionResolver() {
            @Override
            protected void customizeEvaluationContext(StandardEvaluationContext standardEvaluationContext) {
                try {

                    //here we register all functions
                    standardEvaluationContext.registerFunction("mydecode", MyCustomSpELDecoderFunction.class.getMethod("mydecode", new Class[] { String.class }));

                } catch (NoSuchMethodException e) {
                    e.printStackTrace();
                }
            }
        });
    }
}

标签：spring-security,spring-el,spring,java
来源： https://codeday.me/bug/20191110/2013863.html