我正在尝试使用Spring Security Java配置保护Web应用程序.
I am trying to secure a web application using Spring Security java configuration.
这是配置的外观:-
@Configuration @EnableWebMvcSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { private String googleClientSecret; @Autowired private CustomUserService customUserService; /* * (non-Javadoc) * * @see org.springframework.security.config.annotation.web.configuration. * WebSecurityConfigurerAdapter * #configure(org.springframework.security.config * .annotation.web.builders.HttpSecurity) */ @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disable() .requiresChannel().anyRequest().requiresSecure(); // @formatter:on super.configure(http); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off auth .eraseCredentials(true) .userDetailsService(customUserService); // @formatter:on super.configure(auth); } }请注意,我已使用以下方式明确禁用了HTTP基本身份验证:-
Notice that I have explicitly disabled HTTP Basic authentication using:-
.httpBasic().disable()访问安全的URL时,我仍然收到HTTP Authenticaton提示框.为什么?
I am still getting HTTP Authenticaton prompt box while accessing a secured url. Why?
请帮助我解决此问题. 我只想呈现捆绑的默认登录表单.
Please help me fix this. I just want to render the default login form that comes bundled.
Spring Boot Starter版本:1.1.5 春季安全版本:3.2.5
Spring Boot Starter Version : 1.1.5 Spring Security Version : 3.2.5
谢谢
推荐答案首先,调用super.configure(http);将覆盖您之前的整个配置.
First of all, calling super.configure(http); will override whole your configuration you have before that.
尝试以下方法:
http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disable();更多推荐
使用Spring Security Java配置时禁用基本身份验证
发布评论