我有 2 个配置文件。一是Spring Boot应用
@SpringBootApplication
public class Application extends SpringBootServletInitializer {
public static void main(String[] args) {
ApplicationContext ctx = SpringApplication.run(Application.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
...
}
还有 Spring 安全配置。看来它不起作用。每当我访问 localhost:8080 时,它都会询问我的用户名和密码。我相信我在auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")
中配置了它
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
但它显示无效凭据,是否有办法验证这一点?
编辑:我正在尝试将此 xml 配置转换为基于 JavaConfig 但仍然无济于事。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.app.genesis.client.auth"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http>
<intercept-url pattern="/api/*" requires-channel="https"/>
<!--TODO Add RESOURCE PATTERN checker -->
<form-login login-page="/index.jsp" default-target-url="/dashboard"/>
<logout />
</http>
<!-- Test Login values -->
<authentication-manager>
<!--use inMemoryUserDetailsService for faux auth -->
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
</beans:beans>
这是我的新 SecurityConfig
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private TenantDetailsService tenantUserDetailsService;
@Autowired
private PasswordEncryptionService passwordEncoder;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(tenantUserDetailsService).passwordEncoder(passwordEncoder);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.formLogin().loginPage("/index.jsp").defaultSuccessUrl("/dashboard");
}
}
安全配置.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.brightworks.genesis.client.auth"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http>
<intercept-url pattern="/api/*" requires-channel="https"/>
<!--TODO Add RESOURCE PATTERN checker -->
<form-login login-page="/index.jsp" default-target-url="/dashboard"/>
<logout />
</http>
<!-- Test Login values -->
<authentication-manager>
<!--use inMemoryUserDetailsService for faux auth -->
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
</beans:beans>
最佳答案
使用 auth.inMemoryAuthentication(),您只需定义用户及其凭据。 如果你想使用它们,你必须告诉 Spring Boot 不要创建它自己的默认值。 Spring Boot 的默认值是“用户”以及运行应用程序时在控制台中显示的密码。 您可以在 application.properties 文件中设置自己的默认凭据,如下所示:
security.user.name=user
security.user.password=password
management.security.role=USER
关于java - Spring boot ServeletInitializer 和 Spring Security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29444310/