我一直在尝试使用百里香的安全标签,但我不能让他们工作 . 这是我的安全类:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private Environment env;
@Autowired
private UserSecurityService userSecurityService;
private BCryptPasswordEncoder passwordEncoder() {
return SecurityUtility.passwordEncoder();
}
private static final String[] PUBLIC_MATCHERS = { "/css/**", "/js/**", "/image/**", "/", "/myAccount" };
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().
antMatchers(PUBLIC_MATCHERS).permitAll().anyRequest().authenticated();
http.csrf().disable().cors().disable().formLogin().failureUrl("/login?error").defaultSuccessUrl("/")
.loginPage("/login").permitAll().and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).logoutSuccessUrl("/?logout")
.deleteCookies("remember-me").permitAll().and().rememberMe();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userSecurityService).passwordEncoder(passwordEncoder());
}
}
的pom.xml
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
</dependencies>
的index.html
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/extras/spring-security">
<ul class="navbar-nav navbar-right">
<li class="nav-item"><a class="nav-link" href="#">Shopping
Cart</a></li>
<li class="nav-item"><a sec:authorize="isAnonymous()"
class="nav-link" th:href="@{/login}">My Account</a></li>
<li class="nav-item"><a sec:authorize="isAuthenticated()"
class="nav-link" th:href="@{/myProfile}">My Account</a></li>
<li class="nav-item"><a class="nav-link"
sec:authorize="isAuthenticated()" href="@{/logout}">Logout</a></li>
</ul>
我的问题是,两个名为My Account的导航项目都显示在页面上,我猜标签sec:authorize没有得到识别或类似的东西,或者我显然做错了什么:(我需要做任何事情吗?其他配置?我正在使用spring boot 2,我试过以不同的方式解决这个问题,从更改百里香器 - extras-springsecurity4的版本到在 Spring 天环境中添加一个bean,但它仍然无法正常工作:(
1 回答
在spring boot auto配置中,不会自动配置
SpringSecurityDialect
的实例 . 因此,您遇到了这个问题 . 尝试添加SpringSecurityDialect
的bean,如下所示,我希望它会起作用 .