Spring Boot 2 Security Basic Authentication

Why does the following basic security configuration not apply the inMemoryAuthentication() clause?

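    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .csrf().disable()
                .httpBasic()
                .and()
                .authorizeRequests()
                .anyRequest().authenticated();
            super.configure(http);
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("username").password("password");
            super.configure(auth);
        }
    }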

After the application initializes, there is still only the default user generated by Spring itself; there is no user such as username.

Do not call the super method from void configure(AuthenticationManagerBuilder auth). It sets the disableLocalConfigureAuthenticationBldr flag to true, which causes the AuthenticationManagerBuilder to be ignored. In the end, your void configure(AuthenticationManagerBuilder auth) method should look like this:

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("username").password("password").roles("USER");
    }

In Spring Boot 2.x, you have to implement your own UserDetailsService, as described here and here.

Example:

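    import org.apache.logging.log4j.LogManager;
    import org.apache.logging.log4j.Logger;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.provisioning.InMemoryUserDetailsManager;

    @Configuration
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        private static final Logger log = LogManager.getLogger();

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Note:
            // Use this to enable the tomcat basic authentication (tomcat popup rather than spring login page)
            // Note that the CSRF token is disabled for all requests
            log.info("Disabling CSRF, enabling basic authentication...");
            http
                .authorizeRequests()
                    .antMatchers("/**").authenticated() // These urls are allowed by any authenticated user
                .and()
                    .httpBasic();
            http.csrf().disable();
        }

        @Bean
        public UserDetailsService userDetailsService() {
            // Get the user credentials from the console (or any other source):
            String username = ...
            String password = ...

            // Set the inMemoryAuthentication object with the given credentials:
            InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
            String encodedPassword = passwordEncoder().encode(password);
            manager.createUser(User.withUsername(username).password(encodedPassword).roles("USER").build());
            return manager;
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    }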
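
A regression check for the symptom in the question, added here as an example and not part of either answer: it asserts that the configured in-memory user is the one in effect, that the auto-generated `user` account is gone, and that Basic authentication rejects anything else. It assumes Spring Boot 2.2+ (JUnit 5) with spring-boot-starter-web, spring-boot-starter-security, spring-boot-starter-test and spring-security-test on the classpath; the package, class names and sample credentials are constructed.

```java
package com.example.demo; // hypothetical package name

import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest(classes = BasicAuthUserTest.App.class)
@AutoConfigureMockMvc
class BasicAuthUserTest {
    @SpringBootApplication // constructed test app; credentials below are sample values
    static class App extends WebSecurityConfigurerAdapter {
        @Override protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
        }
        @Bean PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }
        @Bean UserDetailsService users(PasswordEncoder enc) {
            return new InMemoryUserDetailsManager(
                User.withUsername("username").password(enc.encode("password")).roles("USER").build());
        }
    }
    @Autowired MockMvc mvc;
    @Autowired UserDetailsService users;

    @Test void configuredUserReplacesGeneratedDefault() {
        assertTrue(users.loadUserByUsername("username").getPassword().startsWith("$2")); // stored as bcrypt
        assertThrows(UsernameNotFoundException.class, () -> users.loadUserByUsername("user"));
    }
    @Test void onlyConfiguredCredentialsAuthenticate() throws Exception {
        mvc.perform(get("/")).andExpect(status().isUnauthorized());
        mvc.perform(get("/").with(httpBasic("username", "wrong"))).andExpect(status().isUnauthorized());
        // 404 rather than 401: authentication succeeded, this test app simply maps no controller
        mvc.perform(get("/").with(httpBasic("username", "password"))).andExpect(status().isNotFound());
    }
}
```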