java 如何在 Spring Boot 中覆盖 Spring Security 默认配置
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/35600488/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-11-03 00:20:52 来源:igfitidea点击:
How to override Spring Security default configuration in Spring Boot
提问by G.Spansky
I have a little problem with Spring Boot. I really like Spring Boot, it's very convinient tool, which allow me to focus on logic implementation instead of beans configuration. BUT... I want to override default Spring Security configuraton. I've created SecurityConfig class, and Spring Boot loads that class when starts. I can see my config beans on address/beans.
我对 Spring Boot 有一个小问题。我真的很喜欢 Spring Boot,它是一个非常方便的工具,它让我可以专注于逻辑实现而不是 bean 配置。但是......我想覆盖默认的 Spring Security 配置。我已经创建了 SecurityConfig 类,并且 Spring Boot 在启动时加载该类。我可以在 address/beans 上看到我的配置 bean。
But configuration is still default (I guess).
但配置仍然是默认的(我猜)。
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
protected void cofigure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/app/").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll()
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedPage("/error");
}
}
I've declared user with username: user, and pass: password. I've also declared, that Spring Security must allow any user to see the index site: localhost:port/app/ .
我已经用用户名:user 和 pass:password 声明了用户。我还声明,Spring Security 必须允许任何用户查看索引站点: localhost:port/app/ 。
I supposed that If I enter localhost:port/app/ url into browser, Spring Security let me in. Instead, I get localhost:port/login page and default Spring Security login form. Moreover, username and password declared in AuthenticationManager doesnt't work.
我想如果我在浏览器中输入 localhost:port/app/ url,Spring Security 让我进入。相反,我得到 localhost:port/login 页面和默认的 Spring Security 登录表单。此外,在 AuthenticationManager 中声明的用户名和密码不起作用。
But if I type my app properties credentias it works.
但是如果我输入我的应用程序属性凭据,它就可以工作。
security.user.name=testUser
security.user.password=testPass
security.user.role=USER
Conclusion: It seems that Spring Boot loads my custom Spring Securty config, but it doesn't use it.
结论:似乎 Spring Boot 加载了我的自定义 Spring Securty 配置,但它没有使用它。
Why?
为什么?
EDIT:
编辑:
Now my SecurityConf looks like this:
现在我的 SecurityConf 看起来像这样:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("user").password("password").roles("ROLE_USER");
}
protected void cofigure(HttpSecurity http) throws Exception{
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/app/").permitAll()
.and().formLogin();
}
}
pom.xml:
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>szczepanski.gerard</groupId>
<artifactId>spring-boot-edu-fm</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>SpringBootEduFreemarker</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.3.2.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.hsqldb</groupId>
<artifactId>hsqldb</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.scala-lang</groupId>
<artifactId>scala-library</artifactId>
<version>2.11.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
And stack trace occuring when Spring Boot is initializing:
Spring Boot 初始化时发生的堆栈跟踪:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.con
fig.annotation.web.configuration.WebSecurityConfiguration': Injection of autowired dependencies failed; nested exception
is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.
security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.springfr
amework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested exception is o
rg.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.springframe
work.beans.factory.BeanCreationException: Error creating bean with name 'securityConfiguration': Injection of autowired
dependencies failed; nested exception is java.lang.IllegalArgumentException: ROLE_USER cannot start with ROLE_ (it is au
tomatically added)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(Autowire
dAnnotationBeanPostProcessor.java:334) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBea
nFactory.java:1214) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBea
nFactory.java:543) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanF
actory.java:482) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:306) ~[spring-bea
ns-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.jav
a:230) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans
-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4
.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java
:368) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractA
utowireCapableBeanFactory.java:1123) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapa
bleBeanFactory.java:1018) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBea
nFactory.java:510) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanF
actory.java:482) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:306) ~[spring-bea
ns-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.jav
a:230) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans
-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-4
.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060) ~[sprin
g-context-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:326) ~[spring-web-4.2.4
.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235) ~[spring-web-4.2
.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199) ~[spring-web-4.2.4.RELEASE.jar:4.2
.4.RELEASE]
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:279) ~[tomcat-embed-core-8.
0.30.jar:8.0.30]
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:109) ~[tomcat-embed-core-8.0.30
.jar:8.0.30]
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4659) [tomcat-embed-core-8.0.30.jar:8.0.30
]
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5281) [tomcat-embed-core-8.0.30.jar:8.0.
30]
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.0.30.jar:8.0.30]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408) [tomcat-embed-core-8.0.30.jar:8.0.30
]
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398) [tomcat-embed-core-8.0.30.jar:8.0.30
]
at java.util.concurrent.FutureTask.run(Unknown Source) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_66]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_66]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_66]
Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springfra
mework.security.config.annotation.web.configuration.WebSecurityConfiguration.setFilterChainProxySecurityConfigurer(org.s
pringframework.security.config.annotation.ObjectPostProcessor,java.util.List) throws java.lang.Exception; nested excepti
on is org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org.spri
ngframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfiguration': Injection of aut
owired dependencies failed; nested exception is java.lang.IllegalArgumentException: ROLE_USER cannot start with ROLE_ (i
t is automatically added)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(Auto
wiredAnnotationBeanPostProcessor.java:661) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88) ~[spring-beans-4.2.
4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(Autowire
dAnnotationBeanPostProcessor.java:331) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
... 31 common frames omitted
Caused by: org.springframework.beans.factory.BeanExpressionException: Expression parsing failed; nested exception is org
.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfiguration': Injection o
f autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: ROLE_USER cannot start with ROL
E_ (it is automatically added)
at org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:1
64) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:
1413) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.
java:1029) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.ja
va:1014) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(Auto
wiredAnnotationBeanPostProcessor.java:618) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
... 33 common frames omitted
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfiguration
': Injection of autowired dependencies failed; nested exception is java.lang.IllegalArgumentException: ROLE_USER cannot
start with ROLE_ (it is automatically added)
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(Autowire
dAnnotationBeanPostProcessor.java:334) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBea
nFactory.java:1214) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBea
nFactory.java:543) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanF
actory.java:482) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getObject(AbstractBeanFactory.java:306) ~[spring-bea
ns-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.jav
a:230) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans
-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202) ~[spring-beans-4
.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:
534) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:
523) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWeb
SecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:53) ~[spring-security-config-4.0.3.RELEASE.jar:4.0
.3.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_66]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_66]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_66]
at org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:113) ~[sp
ring-expression-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:129) ~[spring-expressi
on-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.expression.spel.ast.MethodReference.access @Configuration
@EnableWebSecurity //Very important!
@EnableGlobalMethodSecurity(securedEnabled = true)
@Profile("dev")
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override //Very important!
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/app/user/*").hasAnyRole("USER", "ADMIN")
.antMatchers("/app/posts/*").hasAnyRole("USER", "ADMIN")
.antMatchers("/app/*").permitAll()
.and()
.formLogin()
.loginPage("/app/")
.loginProcessingUrl("/login")
.usernameParameter("username")
.defaultSuccessUrl("/app/", true)
.and()
.logout()
.logoutUrl("/app/logout")
.and()
.csrf()
.and()
.exceptionHandling()
.accessDeniedPage("/app/forbidden");
super.configure(http); //Very important!
}
}
0(MethodReference.java:49) ~[spring-expression-4.2.
4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:347) ~[spring-e
xpression-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:88) ~[spring-exp
ression-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:120) ~[spring-expression-4.2.4.RELEA
SE.jar:4.2.4.RELEASE]
at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:242) ~[spring-expression-4.
2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:1
61) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE]
... 37 common frames omitted
Caused by: java.lang.IllegalArgumentException: ROLE_USER cannot start with ROLE_ (it is automatically added)
at org.springframework.util.Assert.isTrue(Assert.java:68) ~[spring-core-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer$
UserDetailsBuilder.roles(UserDetailsManagerConfigurer.java:167) ~[spring-security-config-4.0.3.RELEASE.jar:4.0.3.RELEASE
]
at edu.spring.boot.app.security.SecurityConfiguration.configureGlobal(SecurityConfiguration.java:18) ~[classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_66]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_66]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.8.0_66]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.8.0_66]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(Auto
wiredAnnotationBeanPostProcessor.java:654) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88) ~[spring-beans-4.2.
4.RELEASE.jar:4.2.4.RELEASE]
at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(Autowire
dAnnotationBeanPostProcessor.java:331) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE]
... 59 common frames omitted
采纳答案by G.Spansky
Ok I found the solution for security configure settings (not AuthenticationManager).
好的,我找到了安全配置设置的解决方案(不是 AuthenticationManager)。
First of all, according to Spring Boot dot, we have to add @EnableWebSecurity annotation.
首先,根据Spring Boot dot,我们要添加@EnableWebSecurity注解。
Second of all, we have to override configure method WITH @Override annotation AND super.configure(http) at the end of the method.
其次,我们必须在方法的末尾用 @Override 注释和 super.configure(http) 覆盖配置方法。
So the working configuration code looks like this:
所以工作配置代码如下所示:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
Now my configurations is loading, and works properly.
现在我的配置正在加载,并且工作正常。
回答by Ali Dehghani
It seems that Spring Boot loads my custom Spring Securty config, but it doesn't use it.
似乎 Spring Boot 加载了我的自定义 Spring Securty 配置,但它没有使用它。
You did not configure your AuthenticationManagercorrectly. You should use @Autowired:
您没有AuthenticationManager正确配置您的。你应该使用@Autowired:
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
You can read more on spring security documentation here. Also, make sure that your configuration is going to be picked up by spring boot. You can read more about standard project structure in spring boot hereand its security integration here.
您可以在此处阅读有关 spring 安全文档的更多信息。另外,请确保您的配置将被 spring boot 接收。您可以在此处阅读有关 Spring Boot 中标准项目结构及其安全集成的更多信息。
UpdateBased on the stacktrace:
基于堆栈跟踪更新:
Caused by: java.lang.IllegalArgumentException: ROLE_USER cannot start with ROLE_
引起:java.lang.IllegalArgumentException:ROLE_USER 不能以 ROLE_ 开头
You should drop the ROLE_prefix in roles("ROLE_USER"), Just use roles("USER").
您应该将ROLE_前缀删除roles("ROLE_USER"),只需使用roles("USER").
回答by tecnocrata
did you remove this code?
你删除了这个代码吗?
##代码##