Question

这是我第一次使用Spring Boot安全的REST应用程序。我已经在我的类路径中添加了spring-boot-starter-security，我知道这会自动保护所有URL。但是在我开发的这一点上，我还没有做好准备，所以我添加了一个antMatcher来允许所有的URL。但无论我在WebSecurityConfig中放置什么，我仍然会收到错误消息：

Full authentication is required to access this resource

下面是我的WebSecurityConfig。还有什么我需要做的事情让Spring接这个吗？如何验证它是否被使用？非常感谢！

package com.company.jwt.security;

import java.util.Properties;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

import com.company.jwt.UserUtils;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable().authorizeRequests()
        .antMatchers("/**").permitAll();
}

@Override
protected void configure(AuthenticationManagerBuilder authBuilder) throws Exception {
    authBuilder.userDetailsService(inMemoryUserDetailsManager());
}

@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
    Properties props = new Properties();
    UserUtils.getUsers()
        .forEach(e -> props.put(e.getUsername(), e.getPassword() + "," +
                e.getAuthorities() + ", enabled"));
    return new InMemoryUserDetailsManager(props);
}
}

Answer 1

您尝试访问哪种URL？你创建的休息控制器？

可能存在覆盖您网址权限的内容。

我在没有问题的情况下运行代码（SpringBoot 1.5.2）。

@SpringBootApplication
@RestController
public class DemoApplication {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    @RequestMapping("/foo")
    public String foo() {
        return "foo";
    }
}

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable().authorizeRequests()
                .antMatchers("/**").permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}


$ curl -s http://localhost:8080/foo
foo

Spring Boot似乎没有看到我的Web安全配置

1 个答案: