Question

在我的春季应用程序中，我使用的是Spring 4.0.4和Spring Security 3.2.3。我直接从sprin网站上的教程复制了这段代码但是我遇到了问题编译，因为registerAuthentication类无法覆盖方法WebSecurityConfigurerAdapter而HttpSecurity类没有有方法authorizeUrls。我有一个罐子吗？或者是版本？

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("letsnosh").password("noshing").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeUrls()
                .antMatchers("/order/**").hasRole("USER")
                .antMatchers("/checkout").hasRole("USER")
                .anyRequest().anonymous()
                .and()
                //This will generate a login form if none is supplied.
                .formLogin();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}

Answer 1

从 3.2.0.RC1 看起来现在是.authorizeRequests()。见https://jira.spring.io/browse/SEC-2202

Answer 2

现在是.authorizeRequests()

Answer 3

我有相同的代码，它对我来说很好。您是否检查过类路径中是否包含spring-security-web和spring-security-config？尝试将它们添加到您的依赖项部分（如果您使用的是maven）。

<!-- Spring security -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>

Answer 4

要使该教程的该部分与gradle一起运行，它将使用

compile 'org.springframework.security:spring-security-web:3.2.0.M2'
compile 'org.springframework.security:spring-security-core:3.2.0.M2'
compile 'org.springframework.security:spring-security-config:3.2.0.M2'

我不确定以后的版本会做什么。

此外，请注意，.anyRequest().anonymous()行会在您登录后锁定除订单和结帐之外的所有页面，因为您不再是匿名用户。只需删除该行，就可以按教程预期的方式工作。

Answer 5

试试这个

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("letsnosh").password("noshing").roles("USER");
}

spring安全配置类出错

5 个答案: