我在前端开发spring 4 web项目和angularjs app。我使用基于java的spring安全配置。现在我尝试为用户授权实现Spring Web安全性4。我创建了i class:
SecurityConfig并将main注释添加到主spring配置类:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
...
如果我理解得很好,现在当浏览器弹簧上的打开项目应该将我重定向到默认的弹簧安全登录表单以进行授权(@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.gepick.*")
@EnableTransactionManagement
@Import({ SecurityConfig.class })
public class WebAppConfig extends WebMvcConfigurerAdapter{
...
),但在我的情况下不会重定向,而是在没有授权表单的情况下打开Web应用程序。为什么呢?
答案 0 :(得分:1)
您是否在web.xml中添加了springSecurityFilterChain?
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>