我有SecurityConfig,如:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthProviderByIP authProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/public").permitAll()
.antMatchers("/private").hasRole("ADMIN")
.antMatchers("/**").permitAll();
}
}
和AuthProviderByIP这样:
@Component
public class AuthProviderByIP implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// making own Authentication object
}
@Override
public boolean supports(Class<?> aClass) {
return true;
}
}
当我试图获取/公共资源时,它工作正常 但是当试图获取/私有资源时,它只返回禁止页面。 我用debug检查了它,甚至没有调用authenticate(...)方法。
当谷歌搜索时,只有HttpSecurity配置 .formLogin()和()。httpBasic()
但我现在不需要formLogin。如何在没有formLogin的情况下配置它?
答案 0 :(得分:0)
Spring Security将values = ['Pass', 'Fail', 'Hold']
weights = {'A': [0.3, 0.4, 0.3], 'B': [0.6, 0.2, 0.2]}
df = pd.DataFrame({'Category': list('A'*10 + 'B'*5)})
np.random.seed(0)
def apply_randoms(x):
key = x['Category'].iat[0]
return pd.Series(np.random.choice(values, size=len(x), p=weights[key]))
df = df.groupby('Category').apply(apply_randoms)\
.rename('Result').reset_index().drop('level_1', 1)
print(df)
Category Result
0 A Hold
1 A Fail
2 A Fail
3 A Hold
4 A Pass
5 A Pass
6 A Pass
7 A Hold
8 A Hold
9 A Hold
10 B Hold
11 B Fail
12 B Pass
13 B Fail
14 B Pass
对象存储在Authentication中。如果您不希望表单登录或基本身份验证,请手动进行设置。来自docs:
SecurityContextHolder您可以在HttpSecurity配置中禁用Form-Login和Basic-Auth:
Authentication request = new UsernamePasswordAuthenticationToken(name, password);
Authentication result = authenticationManager.authenticate(request);
SecurityContextHolder.getContext().setAuthentication(result);