我在使用Spring Boot 1.1.7保护休息资源方面遇到了问题。我已经使用自定义AuthenticationProvider创建了一个SecurityConfiguration。
正在加载SecurityConfiguration和AuthenticationProvider bean,但我的自定义'验证'方法永远不会被解雇。我已经审核了大部分教程,但无法使用自定义身份验证限制对任何网址的访问。
@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
final static Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);
private @Autowired CustomAuthenticationProvider provider;
/**
* Configure global.
*
* @param auth the auth
* @throws Exception the exception
*/
// @Autowired
// public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// auth.authenticationProvider(this.provider);
// }
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
log.warn("Configure AuthMgrBuilder");
auth.authenticationProvider(this.provider);
}
/* (non-Javadoc)
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(org.springframework.security.config.annotation.web.builders.HttpSecurity)
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
log.warn("Configure http");
http.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.csrf().disable();
}
}
答案 0 :(得分:0)
我修改了configure(HttpSecurity http)方法,如下所示,它现在通过身份验证提供程序使用基本的http安全性进行身份验证。不确定这是最好的方法。
@Override
protected void configure(HttpSecurity http) throws Exception {
log.warn("Configure http");
http.csrf().disable()
.authorizeRequests()
// .antMatchers("/**")
.anyRequest()
.authenticated()
.and().httpBasic();
}