首页 文章

Spring boot ServeletInitializer和Spring Security

提问于
浏览
2

我有2个配置文件 . 一个是Spring Boot应用程序

@SpringBootApplication
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
        ApplicationContext ctx = SpringApplication.run(Application.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }
    ...
   }

和Spring Security Config . 它似乎无法正常工作 . 每当我访问localhost:8080时,它会询问我的用户名和密码 . 我相信我在_1108904中配置了

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
    }
}

但它显示无效的凭据,无论如何都要验证这个?

编辑:我试图将此xml配置转换为基于JavaConfig,但仍无济于事 .

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="org.app.genesis.client.auth"/>

    <http pattern="/resources/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>

    <http>
        <intercept-url pattern="/api/*" requires-channel="https"/>
        <!--TODO Add RESOURCE PATTERN checker -->
        <form-login login-page="/index.jsp" default-target-url="/dashboard"/>
        <logout />
    </http>

    <!-- Test Login values -->
    <authentication-manager>
        <!--use inMemoryUserDetailsService for faux auth -->
        <authentication-provider ref="customAuthenticationProvider"/>
    </authentication-manager>
</beans:beans>

这是我的新SecurityConfig

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private TenantDetailsService tenantUserDetailsService;

    @Autowired
    private PasswordEncryptionService passwordEncoder;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(tenantUserDetailsService).passwordEncoder(passwordEncoder);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/index.jsp").defaultSuccessUrl("/dashboard");
    }
}

安全-config.xml中

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="org.brightworks.genesis.client.auth"/>

    <http pattern="/resources/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>

    <http>
        <intercept-url pattern="/api/*" requires-channel="https"/>
        <!--TODO Add RESOURCE PATTERN checker -->
        <form-login login-page="/index.jsp" default-target-url="/dashboard"/>
        <logout />
    </http>

    <!-- Test Login values -->
    <authentication-manager>
        <!--use inMemoryUserDetailsService for faux auth -->
        <authentication-provider ref="customAuthenticationProvider"/>
    </authentication-manager>
</beans:beans>
java spring spring-mvc spring-security spring-boot

2 回答

  • 1

    如果您想使用自己的身份验证版本 . 首先启动 spring 靴 spring 安全配置 . 在application.properties上添加它 .

    security.basic.enabled=false

    并将您的http配置更改为此 .

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/**")
            .hasAnyRole("ROLE1","ROLE2")
            .and()
            .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/j_spring_security_check")
            .defaultSuccessUrl("/product/search", true)
            .permitAll()
            .and()
            .csrf()
            .disable()
            .logout()
            .logoutUrl("/j_spring_security_logout")
            .logoutSuccessUrl("/login");
    }

    将所述配置与此登录表单匹配

    <form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST">
    <fieldset>
            <input class="form-control form-group" type="text" name="username" placeholder="Username">
            <input class="form-control" type="password" name="password" placeholder="Password" >
            <a class="forgot pull-right" href="#">Forgot password?</a>
            <button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
    </fieldset>
</form>

    假设页面登录页面是“/ login”,那么你说POST请求的是j_spring_security_check . 因此,loginProcessingUrl设置为

    j_spring_security_check
    回复于
  • 3

    使用auth.inMemoryAuthentication(),您只能定义用户及其凭据 . 如果要使用它们,必须告诉Spring Boot不要创建自己的默认值 . Spring Boot的默认值是“user”,以及运行应用程序时在控制台中显示的密码 . 您可以在application.properties文件中设置自己的默认凭据,如下所示:

    security.user.name=user
security.user.password=password
management.security.role=USER
    回复于

相关问题