Spring Boot ServeletInitializer和Spring Security

user962206 发表于 Dev

用户名

我有2个配置文件。一个是Spring Boot应用程序

@SpringBootApplication
public class Application extends SpringBootServletInitializer {

    public static void main(String[] args) {
        ApplicationContext ctx = SpringApplication.run(Application.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
        return application.sources(Application.class);
    }
    ...
   }

还有Spring Security Config。看来它不起作用。每当我访问localhost：8080时，都会要求输入用户名和密码。我相信我在auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("user").password("password").roles("USER");
    }
}

但是它显示的凭据无效，是否有任何方法可以验证这一点？

编辑：我试图将此xml配置转换为基于JavaConfig，但仍然无济于事。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="org.app.genesis.client.auth"/>

    <http pattern="/resources/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>

    <http>
        <intercept-url pattern="/api/*" requires-channel="https"/>
        <!--TODO Add RESOURCE PATTERN checker -->
        <form-login login-page="/index.jsp" default-target-url="/dashboard"/>
        <logout />
    </http>

    <!-- Test Login values -->
    <authentication-manager>
        <!--use inMemoryUserDetailsService for faux auth -->
        <authentication-provider ref="customAuthenticationProvider"/>
    </authentication-manager>
</beans:beans>

这是我的新SecurityConfig

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private TenantDetailsService tenantUserDetailsService;

    @Autowired
    private PasswordEncryptionService passwordEncoder;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(tenantUserDetailsService).passwordEncoder(passwordEncoder);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/index.jsp").defaultSuccessUrl("/dashboard");
    }
}

security-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd
           http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="org.brightworks.genesis.client.auth"/>

    <http pattern="/resources/**" security="none"/>
    <http pattern="/index.jsp" security="none"/>

    <http>
        <intercept-url pattern="/api/*" requires-channel="https"/>
        <!--TODO Add RESOURCE PATTERN checker -->
        <form-login login-page="/index.jsp" default-target-url="/dashboard"/>
        <logout />
    </http>

    <!-- Test Login values -->
    <authentication-manager>
        <!--use inMemoryUserDetailsService for faux auth -->
        <authentication-provider ref="customAuthenticationProvider"/>
    </authentication-manager>
</beans:beans>

凯尔

如果您想使用自己的身份验证版本。首先从禁用Spring Boot弹簧安全配置开始。将此添加到您的application.properties。

security.basic.enabled=false

并将您的http配置更改为此。

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/**")
            .hasAnyRole("ROLE1","ROLE2")
            .and()
            .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/j_spring_security_check")
            .defaultSuccessUrl("/product/search", true)
            .permitAll()
            .and()
            .csrf()
            .disable()
            .logout()
            .logoutUrl("/j_spring_security_logout")
            .logoutSuccessUrl("/login");
    }

使上述配置与此登录表单匹配

<form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST">
    <fieldset>
            <input class="form-control form-group" type="text" name="username" placeholder="Username">
            <input class="form-control" type="password" name="password" placeholder="Password" >
            <a class="forgot pull-right" href="#">Forgot password?</a>
            <button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button>
    </fieldset>
</form>

假设页面登录页面是“ / login”，您说的POST请求是j_spring_security_check。因此，loginProcessingUrl设置为