這是我第一次使用Spring Boot安全REST應用程序。我已經爲我的類路徑添加了spring-boot-starter-security,並且我知道自動保護所有URL。但是在我的開發中的這一點上,我還沒有準備好這麼做,所以我添加了一個antMatcher來允許所有的URL。但不管如何我把我的WebSecurityConfig,我仍然得到一個錯誤信息:Spring Boot似乎沒有看到我的網絡安全配置
Full authentication is required to access this resource
下面是我WebSecurityConfig全面。還有什麼我需要爲Spring做些挑剔嗎?如何驗證它是否被使用?非常感謝!
package com.company.jwt.security;
import java.util.Properties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import com.company.jwt.UserUtils;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable().authorizeRequests()
.antMatchers("/**").permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder authBuilder) throws Exception {
authBuilder.userDetailsService(inMemoryUserDetailsManager());
}
@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
Properties props = new Properties();
UserUtils.getUsers()
.forEach(e -> props.put(e.getUsername(), e.getPassword() + "," +
e.getAuthorities() + ", enabled"));
return new InMemoryUserDetailsManager(props);
}
}
嘗試刪除@EnableWebSecurity –
但我希望基礎架構在那裏。我不想禁用它來解決我的問題。 – user1660256
如果添加註釋,Spring引導將關閉自動配置。請參閱鏈接:https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html –