java - 无法覆盖rest API的spring security默认基本身份验证
问题描述
我是 Spring 环境的新手,正在尝试 Spring Security,但我无法实现基本身份验证。当我将 spring security starter 添加到 maven 依赖项时,我会通过 spring 获得默认的基本身份验证,并在运行应用程序时生成用户 = 用户和密码。到目前为止,这工作正常。
但是现在即使我添加了 SecurityConfiguration ,默认行为也不会消失。如果我尝试通过我的新凭据访问资源,我会收到错误凭据消息。
关于为什么 spring 仍然使用默认配置,我被困在这里,就像我遵循的所有教程一样,它工作正常。
参考教程
- https://www.youtube.com/watch?v=rOnoKiH97Nc
- https://www.youtube.com/watch?v=kiIMCzEN3c0
- https://www.youtube.com/watch?v=3s2lSD50-JI
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.worldline.in</groupId>
<artifactId>maven_springboot_rest</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>maven_springboot_rest</name>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.1.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
<properties>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
<repositories>
<repository>
<id>spring-releases</id>
<url>https://repo.spring.io/libs-release</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>spring-releases</id>
<url>https://repo.spring.io/libs-release</url>
</pluginRepository>
</pluginRepositories>
</project>
应用程序.java
package com.worldline.rest;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
// Tried component scan too -----
// https://stackoverflow.com/questions/38072517/unable-to-override-spring-boots-default-security-configuration
//@ComponentScan({"com.worldline.config"})
//some stackoverflow links suggest to exclude it for default behavior to go away
//@SpringBootApplication (exclude = {SecurityAutoConfiguration.class })
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
休息控制器
package com.worldline.rest;
import java.util.concurrent.atomic.AtomicLong;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.worldline.pojo.Greeting;
@RestController
public class GreetingController {
private final AtomicLong counter = new AtomicLong();
@RequestMapping("/greeting")
public Greeting greeting(@RequestParam(value="name", defaultValue = "world") String name )
{
return new Greeting(counter.incrementAndGet(), name);
}
}
安全配置
package com.worldline.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
/*http.authorizeRequests()
.anyRequest()
.fullyAuthenticated()
.and().httpBasic();
http.csrf().disable();*/
http.authorizeRequests()
.antMatchers("/greeting").hasRole("ADMIN");
}
/*@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("sunny").password("admin").roles("admin");
}
*/
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication().withUser("sunny").password("admin").roles("ADMIN");
}
}
解决方案
推荐阅读
- intellij-idea - 如何让 IntelliJ 使用选项卡?
- docker - 如何从 Heroku 克隆一个已经发布的容器?
- javascript - 调试顺序 - 带有 await 关键字的内联断点
- kubernetes - 为什么我应该在 K8s pod 定义 YAML 中的“值”前面有一个破折号?
- java - Spring Data Elasticsearch 动态映射。将属性映射为键值?
- apache-spark - 如何使用 pyspark 替换 RDD 中的字符?
- r - 如何解决具有指数分布和泊松分布的 R 问题?
- node.js - 9**66 != n**66 在节点 11.6.0 中 n=9
- c - 如何仅使用 open 和 read 系统调用来读取文件权限位?
- html - 试图实现使用 flexbox 的多级菜单