Question

我正在使用Spring Security内存身份验证，但是无法正常工作。它会生成默认密码，但不会使用我在配置中生成的用户名和密码。下面是我的控制器：

@CrossOrigin(origins = "*")
@EnableAutoConfiguration
@RestController
@RequestMapping("/api")
public class AppController {

     @RequestMapping(value="/hello", method=RequestMethod.GET, produces="text/plain")
     public String sayHello() {
         return "Hello welcome to spring security!!!!";
     }
}

下面是我的安全配置类：

@Component
@EnableWebSecurity
/*@EnableGlobalMethodSecurity*/
@EnableAutoConfiguration(exclude = { 
        org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class 
    })
public class SecurityProvider extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/api/*").hasRole("ADMIN")
                .and()
            .formLogin();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {           
        auth
            .inMemoryAuthentication()
                .withUser("ramu")
                    .password("password")
                    .roles("ADMIN")
                    .and()
                .withUser("gopal")
                    .password("password")
                    .roles("USER");
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        // ALTHOUGH THIS SEEMS LIKE USELESS CODE,
        // ITS REQUIRED TO PREVENT SPRING BOOT AUTO-CONFIGURATION
        return super.authenticationManagerBean();
    }
}

我还尝试通过使用以下注释在主应用程序中排除SecurityAutoconfiguration.class：

@SpringBootApplication(exclude = {SecurityAutoConfiguration.class })
public class App {
    public static void main( String[] args ) {
        SpringApplication.run(App.class, args);
    }
}

但是幸运的是，它没有使用我在配置类中配置的用户名和密码。

Answer 1

我已修复您的设置，请参见下面的代码。

WebSecurityConfig（而不是以前的userAgent组件）：

ServiceProvider

RestController：

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/api/*").hasRole("ADMIN").and().formLogin();

    }

    PasswordEncoder passwordEncoder =
            PasswordEncoderFactories.createDelegatingPasswordEncoder();

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
        auth.inMemoryAuthentication()
                .passwordEncoder(passwordEncoder)
                .withUser("ramu")
                .password("password")
                .roles("ADMIN")
            .and()
                .passwordEncoder(passwordEncoder)
                .withUser("gopal")
                .password("password")
                .roles("USER");
    }
}

我必须更改的内容

@CrossOrigin(origins = "*") @EnableAutoConfiguration @RestController @RequestMapping("/api") public class AppController { @RequestMapping(value="/hello",method=RequestMethod.GET,produces="text/plain") public String sayHello(){ return "Hello welcome to spring security!!!!"; } }-> ServiceProvider @Component
我注册了一个WebSecurityConfig @Configuration
我还原了所有PasswordEncoder注释
我还原了@EnableAutoConfiguration Bean

我用了弹簧父母：

AuthenticationManager

<parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>2.0.4.RELEASE</version> <relativePath/>  </parent>版spring-boot-starter-parent的解决方案：

1.5.7.RELEASE

也许在这里也考虑使用一种@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override public void configure(HttpSecurity http) throws Exception{ http.authorizeRequests().antMatchers("/api/*").hasRole("ADMIN").and().formLogin(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{ auth.inMemoryAuthentication() .withUser("ramu") .password("password") .roles("ADMIN") .and() .withUser("gopal") .password("password") .roles("USER"); }}。

Spring Security内存身份验证问题

1 个答案: