我是一名新手,在使用Java配置配置Spring Security方面。我试图遵循{{link1:此帖子}}。然而,当我运行我的应用程序时,所有URL(包括/)都会出现基本身份验证挑战。输入下面的用户ID /密码组合似乎不起作用。
我的控制器:
我的控制器:
package com.xxx.web;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping("/")
/**
* Controller to handle basic "root" URLs
*
* @author xxx
* @version 0.1.0
*/
public class RootController {
/**
* Handles '/'
* @param model
* @return
*/
@RequestMapping
public String index(Model model) {
return "index";
}
/**
* Handles '/signup'
* @param model
* @return
*/
@RequestMapping("/signup")
public String signup(Model model) {
return "signup";
}
/**
* Handles '/about'
* @param model
* @return
*/
@RequestMapping("/about")
public String about(Model model) {
return "about";
}
/**
* Handles '/login'
* @param model
* @return
*/
@RequestMapping("/login")
public String login(Model model) {
return "login";
}
/**
* Handles '/admin'
* @param model
* @return
*/
@RequestMapping("/admin")
public String admin(Model model) {
return "admin";
}
}
我不确定还有什么其他尝试的方法。只是想寻求一些指导,了解为什么这个不起作用。
更新
为了完整起见,这是配置类:
package com.xxx.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
/**
* Configures the security for the application
*
* @author XXX
* @version 0.1.0
*
*/
public class WebSecurityAppConfig extends WebSecurityConfigurerAdapter {
@Override
/**
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#registerAuthentication(AuthenticationManagerBuilder)
*/
protected void registerAuthentication(AuthenticationManagerBuilder auth)
throws Exception {
auth
.inMemoryAuthentication()
.withUser("user") // #1
.password("password")
.roles("USER")
.and()
.withUser("admin") // #2
.password("password")
.roles("ADMIN","USER");
}
@Override
/**
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(WebSecurity)
*/
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**"); // #3
}
@Override
/**
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(HttpSecurity)
*/
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/","/signup","/about").permitAll() // #4
.antMatchers("/admin/**").hasRole("ADMIN") // #6
.anyRequest().authenticated() // 7
.and()
.formLogin() // #8
.loginPage("/login") // #9
.permitAll(); // #5
}
}
而WebApplicationInitializer:
package com.xxx.config;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
/**
*
* @author XXX
* @version 0.1.0
*/
public class SpringWebMvcInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
/**
*
*/
protected Class<?>[] getRootConfigClasses() {
return new Class[] { WebSecurityAppConfig.class };
}
@Override
/**
*
*/
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
/**
*
*/
protected String[] getServletMappings() {
return null;
}
}
我之前没有包含这些内容,因为它们基本上是从参考博客文章中复制粘贴而来的。
AbstractAnnotationConfigDispatcherServletInitializer
,而是尝试使用SpringBootServletInitializer
。 - Dave SyerSpringBootServletInitializer
。希望这能让我克服当前的障碍。 - CodeChimp