Spring Boot 2 Security Basic Authentication
Why does the following basic security configuration not apply the inMemoryAuthentication() clause?
```java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .httpBasic()
            .and()
            .authorizeRequests()
            .anyRequest().authenticated();
        super.configure(http);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("username").password("password");
        super.configure(auth);
    }
}
```
After the application initializes, there is still only the default user generated by Spring itself; there is no user such as username.
Do not call the super method from void configure(AuthenticationManagerBuilder auth). It sets the disableLocalConfigureAuthenticationBldr flag to true, which causes the AuthenticationManagerBuilder to be ignored. In the end, your void configure(AuthenticationManagerBuilder auth) method should look like this:
```java
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .withUser("username").password("password").roles("USER");
}
```
In Spring Boot 2.x, you have to implement your own UserDetailsService, as described here and here.
Example:
```java
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger log = LogManager.getLogger();

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Note:
        // Use this to enable the tomcat basic authentication (tomcat popup rather than spring login page)
        // Note that the CSRF token is disabled for all requests
        log.info("Disabling CSRF, enabling basic authentication...");
        http
            .authorizeRequests()
            .antMatchers("/**").authenticated() // These urls are allowed by any authenticated user
            .and()
            .httpBasic();
        http.csrf().disable();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // Get the user credentials from the console (or any other source):
        String username = ...
        String password = ...

        // Set the inMemoryAuthentication object with the given credentials:
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        String encodedPassword = passwordEncoder().encode(password);
        manager.createUser(User.withUsername(username).password(encodedPassword).roles("USER").build());
        return manager;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```
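A regression test for the problem in the question, written as an added example that is not part of the original question or answers: it fails with 401 on the configured account whenever the custom user store is silently ignored. It assumes JUnit 5 with spring-boot-starter-test and spring-security-test on the test classpath, and that the elided credentials above resolve to the question's "username" / "password"; the class name is hypothetical.

```java
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;

// Added example (hypothetical test class). Assumed credentials: "username" / "password".
@SpringBootTest
@AutoConfigureMockMvc
class BasicAuthConfigTest {

    @Autowired
    private MockMvc mvc;

    @Test
    void anonymousRequestIsChallenged() throws Exception {
        // No Authorization header: expect a 401 with a Basic challenge.
        mvc.perform(get("/"))
           .andExpect(status().isUnauthorized())
           .andExpect(header().exists("WWW-Authenticate"));
    }

    @Test
    void configuredUserIsAccepted() throws Exception {
        // Any status other than 401 means authentication succeeded
        // (404 is expected when no controller is mapped at "/").
        mvc.perform(get("/").with(httpBasic("username", "password")))
           .andExpect(result -> assertNotEquals(401, result.getResponse().getStatus()));
    }

    @Test
    void wrongPasswordIsRejected() throws Exception {
        // Same account, wrong secret: the in-memory store must reject it.
        mvc.perform(get("/").with(httpBasic("username", "not-the-password")))
           .andExpect(status().isUnauthorized());
    }
}
```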