我正在尝试使用内存内授权配置Spring-Boot 2应用程序,这会让我发疯...
除了/news,我需要保护所有资源。
我已经在Spring的文档之后创建了此配置bean,但是Spring Security不允许在/news上使用GET方法:
@Slf4j
@Configuration
@EnableWebSecurity
public class ApplicationAuthentication extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(HttpMethod.GET,"/news");
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("USER")
.and()
.withUser("admin")
.password("admin")
.roles("USER", "ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.GET,"/news")
.permitAll()
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
我正在使用spring-boot 2.0.4.RELEASE,
有人可以帮我吗?