在带有 spring-boot-starter-security 的 Spring Boot 中,HTTP 安全性是自动配置的。我想在 Spring Boot 自动配置 HttpSecurity 对象之后配置它,即对默认配置进行一些调整,而无需重新配置整个对象。如何在 Spring Boot 中做到这一点?
最佳答案
调整 spring-boot 安全配置的一种方法是通过 properties ,默认情况下是:
# ----------------------------------------
# SECURITY PROPERTIES
# ----------------------------------------
# SECURITY (SecurityProperties)
spring.security.filter.order=-100 # Security filter chain order.
spring.security.filter.dispatcher-types=async,error,request # Security filter chain dispatcher types.
spring.security.user.name=user # Default user name.
spring.security.user.password= # Password for the default user name.
spring.security.user.roles= # Granted roles for the default user name.
# SECURITY OAUTH2 CLIENT (OAuth2ClientProperties)
spring.security.oauth2.client.provider.*= # OAuth provider details.
spring.security.oauth2.client.registration.*= # OAuth client registrations.
如果属性不能提供足够的灵 active ,您可以扩展 WebSecurityConfigurerAdapter并覆盖配置方法,如图 here 。示例来自official doc :
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**", "/index").permitAll()
.antMatchers("/user/**").hasRole("USER")
.and()
.formLogin()
.loginPage("/login").failureUrl("/login-error");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
这将超越自动配置的 spring-boot 安全性,有效地使用提供的任何配置覆盖它。
关于java - Spring boot,如何重新配置http-security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49607240/