我正在尝试使用具有弹簧安全性的 spring-boot 来做一个示例.我的想法是创建一个 Web 应用程序并提供一个 API,我希望两者都有安全性;所以我需要创建一个多 http 网络安全配置,但它不起作用.
I'm trying to do an example using spring-boot with spring security. My idea is to create a web app and also provide an API, I would like to both have security; so I need to create a multi http web security configuration however it is not working.
我点击了这个链接 docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#multiple-httpsecurity 但没有成功.而且,我收到此错误
I followed this link docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#multiple-httpsecurity but no success. And, I'm getting this error
创建名为webSecurityConfiguration"的 bean 时出错:自动装配依赖项的注入失败;嵌套异常是 java.lang.IllegalStateException:无法将 org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer 应用于已构建的对象
我使用的配置如下:
@Configuration @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) @EnableGlobalAuthentication @EnableGlobalMethodSecurity(securedEnabled = true) public class WebSecurityConfiguration { @Autowired protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("12345").roles("USER").and() .withUser("admin").password("12345").roles("USER", "ADMIN"); } @Configuration @Order(1) public static class ApiConfigurationAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .antMatcher("/api/**") .authorizeRequests() .anyRequest().hasRole("ADMIN") .and() .httpBasic(); } } @Configuration @Order(2) public static class WebConfigurationAdapter extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurity web) throws Exception { web .ignoring() .antMatchers("/resources/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/", "/home").permitAll() .anyRequest() .authenticated() .and() .formLogin() .loginPage("/login").permitAll() .and() .logout().permitAll(); } } }提前致谢
推荐答案经过大量阅读后,我发现了一些对我有用的东西:
after a lot of reading I found something that works for me:
@Configuration @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) @EnableGlobalMethodSecurity(securedEnabled = true) public class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter { @Resource(name = "customUserDetailsService") protected CustomUserDetailsService customUserDetailsService; @Resource private DataSource dataSource; @Autowired protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(customUserDetailsService); } @Configuration @Order(1) public static class ApiConfigurationAdapter extends WebSecurityConfigurerAdapter { @Resource(name = "restUnauthorizedEntryPoint") private RestUnauthorizedEntryPoint restUnauthorizedEntryPoint; @Resource(name = "restAccessDeniedHandler") private RestAccessDeniedHandler restAccessDeniedHandler; @Override protected void configure(HttpSecurity http) throws Exception { SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> securityXAuthConfigurerAdapter = new XAuthTokenConfigurer( userDetailsServiceBean()); // @formatter:off http .antMatcher("/api/**").csrf().disable() .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .exceptionHandling() .authenticationEntryPoint(restUnauthorizedEntryPoint) .accessDeniedHandler(restAccessDeniedHandler) .and() .authorizeRequests() .antMatchers(HttpMethod.POST, "/api/authenticate").permitAll() .anyRequest().hasRole("ADMIN") .and() .apply(securityXAuthConfigurerAdapter); // @formatter:on } } @Configuration @Order(2) public static class WebConfigurationAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .antMatchers("/", "/home").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login").permitAll() .and() .logout().permitAll() ; // @formatter:on } } }更多推荐
Spring Boot + 安全性 + 多 HTTP Web 配置
发布评论