Java 使用spring boot starter安全性的spring boot中的基本身份验证不适用于最新版本的spring boot starter父级
我正在尝试将基本身份验证实现到我的微服务的端点。所以我用了SpringBootStarterSecurity。但是我注意到SpringBootStarter安全性在SpringBootStarter父版本>2.0.3时不起作用。因此,我切换到SpringBootStarter父版本>1.5.2,在那里它对我的参考项目非常有效 有谁能帮我用最新版本的SpringBootStarter父级实现基本身份验证的其他方法吗? 我现在的问题是,我在某些类中编写的逻辑(在最新版本中实现)与以前版本的spring boot starter父类不起作用。特别是在有办法读取时间戳的地方 这是我的pom.xml供参考Java 使用spring boot starter安全性的spring boot中的基本身份验证不适用于最新版本的spring boot starter父级,java,authentication,Java,Authentication,我正在尝试将基本身份验证实现到我的微服务的端点。所以我用了SpringBootStarterSecurity。但是我注意到SpringBootStarter安全性在SpringBootStarter父版本>2.0.3时不起作用。因此,我切换到SpringBootStarter父版本>1.5.2,在那里它对我的参考项目非常有效 有谁能帮我用最新版本的SpringBootStarter父级实现基本身份验证的其他方法吗? 我现在的问题是,我在某些类中编写的逻辑(在最新版本中实现)与以前版本的sprin
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.springframework</groupId>
<artifactId>gs-spring-boot</artifactId>
<version>0.1.0</version>
<packaging>war</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger2</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>io.springfox</groupId>
<artifactId>springfox-swagger-ui</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.16.20</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>com.googlecode.json-simple</groupId>
<artifactId>json-simple</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.8.5</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
4.0.0
org.springframework
弹簧靴
0.1.0
战争
org.springframework.boot
spring启动程序父级
1.5.2.1发布
UTF-8
UTF-8
1.8
org.springframework.boot
弹簧靴起动器执行器
org.springframework.boot
弹簧启动安全
org.springframework.boot
SpringBootStarterWeb
org.springframework.boot
弹簧起动试验
测试
伊奥·斯普林福克斯
springfox-Swagger 2
2.7.0
伊奥·斯普林福克斯
springfox招摇过市用户界面
2.7.0
org.projectlombok
龙目
1.16.20
假如
org.codehaus.jackson
jackson core asl
1.9.13
com.googlecode.json-simple
简单json
1.1
com.google.code.gson
格森
2.8.5
org.springframework.boot
springbootmaven插件
但这里的问题是,如果通过基本身份验证访问任何端点,则可以访问其他端点,而无需任何身份验证头 嗨,Thonse。我建议你提供更多关于它如何失败的细节。有错误吗?发生了什么事?什么是测试用例?人们如何重现你的烦恼?
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger log = LogManager.getLogger();
@Override
protected void configure(HttpSecurity http) throws Exception {
// Note:
// Use this to enable the tomcat basic authentication (tomcat popup rather than spring login page)
// Note that the CSRf token is disabled for all requests
log.info("Disabling CSRF, enabling basic authentication...");
http
.authorizeRequests()
.antMatchers("/**").authenticated() // These urls are allowed by any authenticated user
.and()
.httpBasic();
http.csrf().disable();
}
@Bean
public UserDetailsService userDetailsService() {
// Get the user credentials from the console (or any other source):
String username = "hans";
String password = "hans";
// Set the inMemoryAuthentication object with the given credentials:
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
String encodedPassword = passwordEncoder().encode(password);
manager.createUser(User.withUsername(username).password(encodedPassword).roles("USER").build());
return manager;
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}