Question

我已经配置了所有属性，但我的应用程序仍然加载没有弹簧安全性，好像它不存在...请帮助我，我做错了什么。

在这里，我没有使用邮递员的身份证明我的房间：

以下是我的课程：

SecurityConfiguration：

{"status": "ok", "items": [{"can_delete_comments": false, "code":...etc

SecurityInitializer：

package com.vidaflo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
@ComponentScan("com.vidaflo")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("tom").password("abc123").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests().antMatchers("/room/**").hasRole("ADMIN")
                .and()
                .httpBasic()
                .and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}

WebConfiguration：

package com.vidaflo.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}

Tomcat嵌入式：

package com.vidaflo.config;

import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;

@Configuration
@EnableWebMvc
@ComponentScan(basePackages = "com.vidaflo.controllers")
public class WebConfiguration extends WebMvcConfigurationSupport {
}

休息控制器：

package com.vidaflo.server;

import com.vidaflo.config.ApplicationConfiguration;
import com.vidaflo.config.DatabaseConfiguration;
import com.vidaflo.config.SecurityConfiguration;
import com.vidaflo.config.WebConfiguration;
import lombok.extern.slf4j.Slf4j;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.startup.Tomcat;
import org.springframework.core.env.PropertiesPropertySource;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;

@Slf4j
public class Application {
    private static final String APPLICATION_PROPERTIES = System.getProperty("app.properties");
    private static final int DEFAULT_PORT = 8080;
    private static final String DEFAULT_CONTEXT_PATH = "/app";

    private AppProperties appProperties;
    private AnnotationConfigWebApplicationContext ctx;

    public static void main(String[] args) throws LifecycleException {
        Application app = new Application(APPLICATION_PROPERTIES);
        Server server = new TomcatServer(new Tomcat());
        app.run(server);
    }

    public Application(String fieldName) {
        loadProperties(fieldName);
    }

    public void run(Server server) {
        initApplicationContext();
        server.run(getConfig());
    }

    private void loadProperties(String fieldName) {
        appProperties = new AppProperties();
        appProperties.load(fieldName);
    }

    private void initApplicationContext() {
        log.info("Initialize application context...");

        ctx = new AnnotationConfigWebApplicationContext();
        ctx.register(SecurityConfiguration.class);
        ctx.register(ApplicationConfiguration.class);
        ctx.register(WebConfiguration.class);
        ctx.register(DatabaseConfiguration.class);
        ctx.getEnvironment()
            .getPropertySources()
            .addLast(new PropertiesPropertySource("applicationEnvironment", appProperties.getProperties()));
    }

    private ServerConfig getConfig() {
        ServerConfig serverConfig = new ServerConfig();
        serverConfig.setPort(appProperties.getPort(DEFAULT_PORT));
        serverConfig.setContextPath(appProperties.getContextPath(DEFAULT_CONTEXT_PATH));
        serverConfig.setServlet(getServlet());
        return serverConfig;
    }

    private DispatcherServlet getServlet() {
        return new DispatcherServlet(ctx);
    }
}

请告诉我是否应该添加其他详细信息。我需要帮助，我无法理解我做错了什么。

Answer 1

找到答案，我们应该在tomcat嵌入式配置中手动添加spring安全过滤器，如下所示：

keys %count

Answer 2

尝试更改角色＆＃34; ADMIN＆＃34; ＆＃34; USER＆＃34;到＆＃34; ROLE_ADMIN＆＃34; ＆＃34; ROLE_USER＆＃34;在configureGlobalSecurity方法和enum＆＃34; Roles＆＃34;中，但在configure方法中没有改变。

春季安全+休息不起作用

2 个答案: