我有2个配置文件 . 一个是Spring Boot应用程序
@SpringBootApplication
public class Application extends SpringBootServletInitializer {
public static void main(String[] args) {
ApplicationContext ctx = SpringApplication.run(Application.class, args);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
...
}
和Spring Security Config . 它似乎无法正常工作 . 每当我访问localhost:8080时,它会询问我的用户名和密码 . 我相信我在_1108904中配置了
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
但它显示无效的凭据,无论如何都要验证这个?
编辑:我试图将此xml配置转换为基于JavaConfig,但仍无济于事 .
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.app.genesis.client.auth"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http>
<intercept-url pattern="/api/*" requires-channel="https"/>
<!--TODO Add RESOURCE PATTERN checker -->
<form-login login-page="/index.jsp" default-target-url="/dashboard"/>
<logout />
</http>
<!-- Test Login values -->
<authentication-manager>
<!--use inMemoryUserDetailsService for faux auth -->
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
</beans:beans>
这是我的新SecurityConfig
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private TenantDetailsService tenantUserDetailsService;
@Autowired
private PasswordEncryptionService passwordEncoder;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(tenantUserDetailsService).passwordEncoder(passwordEncoder);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.formLogin().loginPage("/index.jsp").defaultSuccessUrl("/dashboard");
}
}
安全-config.xml中
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:component-scan base-package="org.brightworks.genesis.client.auth"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/index.jsp" security="none"/>
<http>
<intercept-url pattern="/api/*" requires-channel="https"/>
<!--TODO Add RESOURCE PATTERN checker -->
<form-login login-page="/index.jsp" default-target-url="/dashboard"/>
<logout />
</http>
<!-- Test Login values -->
<authentication-manager>
<!--use inMemoryUserDetailsService for faux auth -->
<authentication-provider ref="customAuthenticationProvider"/>
</authentication-manager>
</beans:beans>
2 回答
如果您想使用自己的身份验证版本 . 首先启动 spring 靴 spring 安全配置 . 在application.properties上添加它 .
并将您的http配置更改为此 .
将所述配置与此登录表单匹配
假设页面登录页面是“/ login”,那么你说POST请求的是j_spring_security_check . 因此,loginProcessingUrl设置为
使用auth.inMemoryAuthentication(),您只能定义用户及其凭据 . 如果要使用它们,必须告诉Spring Boot不要创建自己的默认值 . Spring Boot的默认值是“user”,以及运行应用程序时在控制台中显示的密码 . 您可以在application.properties文件中设置自己的默认凭据,如下所示: