我爲Spring-Boot創建了一個Spring Security配置類。我的登錄頁面有資源css,js和ico文件。由於安全原因資源被拒絕,並且每次都重定向到登錄頁面。爲什麼EnableWebMVCSecurity不添加Classpath資源位置。在第二個片段中更改代碼後,添加I Classpath資源位置。不明白我缺少的第一個代碼片段中的資源。使用Spring引導的安全配置
@Configuration
/*
* Enable Spring Security’s web security support and provide the Spring MVC integration
* It also extends WebSecurityConfigurerAdapter
and overrides a couple of its methods to set some specifics of the web security configuration.
*/
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
/**
* The configure(HttpSecurity) method defines with URL paths should be
* secured and which should not.
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated();
// There is a custom "/login" page specified by loginPage(), and everyone
// is allowed to view it.
http
.formLogin()
.loginPage("/login.html")
.permitAll()
.and()
.logout()
.permitAll().logoutSuccessUrl("/login.html");
}
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
// As for the configure(AuthenticationManagerBuilder) method, it sets up
// an in-memory user store with a single user. That user is given a
// username of "user", a password of "password", and a role of "USER".
auth
.inMemoryAuthentication()
.withUser("[email protected]").password("password").roles("USER");
}
}
我得到這個工作,通過改變代碼
@Configuration
/*
* Enable Spring Security’s web security support and provide the Spring MVC integration
* It also extends WebSecurityConfigurerAdapter
and overrides a couple of its methods to set some specifics of the web security configuration.
*/
public class WebSecurityConfig{
@Bean
public ApplicationSecurity applicationSecurity() {
return new ApplicationSecurity();
}
@Bean
public AuthenticationSecurity authenticationSecurity() {
return new AuthenticationSecurity();
}
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
protected static class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated();
http
.formLogin()
.loginPage("/login.html")
.permitAll()
.and()
.logout()
.permitAll().logoutSuccessUrl("/login.html");
}
}
@Order(Ordered.HIGHEST_PRECEDENCE + 10)
protected static class AuthenticationSecurity extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("[email protected]").password("password").roles("USER");
}
}
}
改變我注意到,忽略路徑添加到過濾器的代碼後,我看到在日誌中的以下內容:
[ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/css/**'], [] [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/js/**'], [] [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/images/**'], [] [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: Ant [pattern='/**/favicon.ico'], [] [ost-startStop-1] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: [email protected]1, [org.springframework.secu[email protected]4e3e0069, org.spring[email protected]3d2dd0cf, [email protected]b02, [email protected], org.[email protected]267237ef, org.springframework.s[email protected]129495ef, org.springframework.[email protected]7db0a467, org.springfram[email protected]764d1dbd, org.sp[email protected]25a5268d, org.springframework.[email protected]15c01d0c, org.springfram[email protected]37818a3b, o[email protected]3fe57e49, org[email protected]4278af59, org.springfr[email protected]424bef91]
感謝指針文檔。我使用了與EnableWebSecurity不同的'EnableWebMVCSecurity'。 – randominstanceOfLivingThing 2014-09-03 19:15:56
它是一樣的(從某種意義上說,它是一個超集) - 一個用另一個註解。 – 2014-09-03 20:51:49
@DaveSyer,你能看看我的問題嗎? https://stackoverflow.com/questions/46065063/spring-boot-basic-authentication – 2017-09-06 02:48:18