我正在尝试使用 Spring Security java 配置来保护 Web 应用程序.
I am trying to secure a web application using Spring Security java configuration.
这是配置的样子:-
@Configuration @EnableWebMvcSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { private String googleClientSecret; @Autowired private CustomUserService customUserService; /* * (non-Javadoc) * * @see org.springframework.security.config.annotation.web.configuration. * WebSecurityConfigurerAdapter * #configure(org.springframework.security.config * .annotation.web.builders.HttpSecurity) */ @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disable() .requiresChannel().anyRequest().requiresSecure(); // @formatter:on super.configure(http); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off auth .eraseCredentials(true) .userDetailsService(customUserService); // @formatter:on super.configure(auth); } }请注意,我已使用以下方法显式禁用 HTTP 基本身份验证:-
Notice that I have explicitly disabled HTTP Basic authentication using:-
.httpBasic().disable()在访问安全 URL 时,我仍然收到 HTTP 身份验证提示框.为什么?
I am still getting HTTP Authenticaton prompt box while accessing a secured url. Why?
请帮我解决这个问题.我只想呈现捆绑的默认登录表单.
Please help me fix this. I just want to render the default login form that comes bundled.
Spring Boot 入门版本:1.1.5Spring 安全版本:3.2.5
Spring Boot Starter Version : 1.1.5 Spring Security Version : 3.2.5
谢谢
推荐答案首先,调用 super.configure(http); 将覆盖你之前的整个配置.
First of all, calling super.configure(http); will override whole your configuration you have before that.
试试这个:
http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disable();更多推荐
使用 Spring Security Java 配置时禁用基本身份验证
发布评论