无法覆盖rest API的spring security默认基本身份验证

时间:2018-05-29 11:00:11

标签: java spring spring-boot spring-security

我是春天环境的新手,正在尝试弹簧安全,但我无法实现基本身份验证。 当我将spring安全启动器添加到maven依赖关系时,我得到spring的默认基本身份验证,用户= user&运行应用程序时生成的密码。到目前为止,这个工作正常。

但是现在即使我添加了SecurityConfiguration,默认行为也不会消失。如果我尝试通过新凭据访问资源,则会收到错误的凭据消息。

我被困在这里为什么spring仍然使用默认配置,就像我所遵循的所有教程一样,这很好。

参考教程

  1. https://www.youtube.com/watch?v=rOnoKiH97Nc
  2. https://www.youtube.com/watch?v=kiIMCzEN3c0
  3. https://www.youtube.com/watch?v=3s2lSD50-JI
  4. Project Structure

    的pom.xml

    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>com.worldline.in</groupId>
        <artifactId>maven_springboot_rest</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <packaging>war</packaging>
        <name>maven_springboot_rest</name>
        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.0.1.RELEASE</version>
        </parent>
    
        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
            </dependency>
    
            <dependency>
                <groupId>com.jayway.jsonpath</groupId>
                <artifactId>json-path</artifactId>
                <scope>test</scope>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
    
        </dependencies>
    
    
        <properties>
            <java.version>1.8</java.version>
        </properties>
    
    
        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    
        <repositories>
            <repository>
                <id>spring-releases</id>
                <url>https://repo.spring.io/libs-release</url>
            </repository>
        </repositories>
        <pluginRepositories>
            <pluginRepository>
                <id>spring-releases</id>
                <url>https://repo.spring.io/libs-release</url>
            </pluginRepository>
        </pluginRepositories>
    </project>
    

    Application.java

    package com.worldline.rest;
    
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
    
         // Tried component scan too ----- 
          //  https://stackoverflow.com/questions/38072517/unable-to-override-spring-boots-default-security-configuration       
             //@ComponentScan({"com.worldline.config"})
    
        //some stackoverflow links suggest to exclude it for default behavior to go away
            //@SpringBootApplication (exclude = {SecurityAutoConfiguration.class })
    
     @SpringBootApplication
     public class Application {
    
                public static void main(String[] args) {
                    SpringApplication.run(Application.class, args);
    
                }
    
            }
    

    休息控制器

    package com.worldline.rest;
    
    import java.util.concurrent.atomic.AtomicLong;
    
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.bind.annotation.RestController;
    
    import com.worldline.pojo.Greeting;
    
    
    @RestController
    public class GreetingController {
    
        private final AtomicLong counter = new AtomicLong();
    
        @RequestMapping("/greeting")
        public Greeting greeting(@RequestParam(value="name", defaultValue = "world") String name )
        {
            return new Greeting(counter.incrementAndGet(), name);
        }
    
    }
    

    安全配置

    package com.worldline.config;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.http.SessionCreationPolicy;
    
    @Configuration
    @EnableWebSecurity
    
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            /*http.authorizeRequests()
            .anyRequest()
            .fullyAuthenticated()
            .and().httpBasic();
    
            http.csrf().disable();*/
    
    
            http.authorizeRequests()
            .antMatchers("/greeting").hasRole("ADMIN");
        }
    
        /*@Override
        protected void configure(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.inMemoryAuthentication().withUser("sunny").password("admin").roles("admin");
        }
    */
    
        @Autowired
        protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
        {
            auth.inMemoryAuthentication().withUser("sunny").password("admin").roles("ADMIN");
        }
    
    }
    

0 个答案:

没有答案