我正在使用Spring Security进行基本身份验证。但是它带有默认身份验证,我正在尝试通过application.properties禁用它。这是我尝试过的:
SpringBasicSecurityApplication.java
@SpringBootApplication(exclude={SecurityAutoConfiguration.class})
@EnableWebSecurity
public class SpringBasicSecurityApplication {
public static void main(String[] args) {
SpringApplication.run(SpringBasicSecurityApplication.class, args);
}
}
ApplicationController.java
@RestController
@RequestMapping("/rest/auth")
public class ApplicationController {
@GetMapping("/getMsg")
public String greeting() {
return "Spring Security Example!!!";
}
}
application.properties
spring.security.user.name=xusername
spring.security.user.passward=xpassword
server.port = 8081
logging.level.org.springframework.boot.autoconfigure.security=INFO
我在做什么错?预先感谢。
答案 0 :(得分:1)
只需授予所有人对配置中任何请求的权限:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
// HTTP security configuration
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll()
.anyRequest().permitAll
.and().httpBasic();
}
}
答案 1 :(得分:1)
感谢@ Seldo97,您的建议对我有用,但我想对某些特殊类型的URL进行身份验证,因此在您的代码帮助下,我确实喜欢:-
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests().antMatchers("/resto/**").hasRole("ADMIN").anyRequest().fullyAuthenticated().and()
.httpBasic();
`@Bean
public static NoOpPasswordEncoder passwordEncoder() {
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}`
谢谢您的帮助:)