使用Spring引导的HTTP基本身份验证';s基于Java的配置
我正在尝试设置一个简单的Spring引导应用程序,该应用程序使用具有硬编码密码的单个用户进行HTTP基本身份验证 到目前为止,我使用基于XML的配置实现了它 如何使用基于Java的配置实现相同的结果使用Spring引导的HTTP基本身份验证';s基于Java的配置,java,spring,spring-boot,spring-security,basic-authentication,Java,Spring,Spring Boot,Spring Security,Basic Authentication,我正在尝试设置一个简单的Spring引导应用程序,该应用程序使用具有硬编码密码的单个用户进行HTTP基本身份验证 到目前为止,我使用基于XML的配置实现了它 如何使用基于Java的配置实现相同的结果 SecurityConfig.java @EnableWebSecurity @ImportResource("classpath:spring-security.xml") public class SecurityConfig {} spring security.xm
- SecurityConfig.java
@EnableWebSecurity @ImportResource("classpath:spring-security.xml") public class SecurityConfig {} - spring security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <http> <intercept-url pattern="/MyService/**" access="isAuthenticated()" /> <http-basic /> </http> <user-service> <user name="foo" password="{noop}bar" authorities="ROLE_USER" /> </user-service> </beans:beans>
@EnableWebSecurity@Configuration我使用的是Spring Boot 2.3.4和Spring Security 5.3.4。好吧,如果我理解正确,您只想设置http连接吗? 下面是我编写的一个代码示例,它适合您的xml(我想) 然后,如果您打算真正使用它,您需要获取用户,可能是从数据库获取的,因此您还需要类似以下内容:
@Service
public class YourUserDetailsService implements UserDetailsService { //UserDetailsService is the interface we need to let Spring do its magic
private final LoginsService LoginsService;
public LibraryUserDetailsService(LoginsService loginsService) {
this.loginsService = loginsService;
}
@Override
public UserDetails loadUserByUsername(String password, String userName) throws UsernameNotFoundException {
//Here you fetch, decrypt, and check that the password and username are correct
//WARNING: This is a really simple example, do not use this in your applications code
Optional<GrantedAcces> access =
libraryLoginsService.findUser(userName,password);
//I create a new user with the authorized role, this is store in the session
return new User(access.get().getUserName,access.get().getPassword(), Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN")));
}
@服务
公共类YourUserDetailsService实现UserDetailsService{//UserDetailsService是让Spring发挥其魔力所需的接口
私人最终登录服务登录服务;
公共图书馆用户详细信息服务(登录服务登录服务){
this.loginsService=loginsService;
}
@凌驾
public UserDetails loadUserByUsername(字符串密码,字符串用户名)引发UsernameNotFoundException{
//在这里,您获取、解密并检查密码和用户名是否正确
//警告:这是一个非常简单的示例,请勿在应用程序代码中使用
可选访问=
libraryLoginsService.findUser(用户名、密码);
//我创建了一个具有授权角色的新用户,它存储在会话中
返回新用户(access.get().getUserName、access.get().getPassword()、Collections.singleton(新的SimpleGrantedAuthority(“角色\管理员”));
}
@Service
public class YourUserDetailsService implements UserDetailsService { //UserDetailsService is the interface we need to let Spring do its magic
private final LoginsService LoginsService;
public LibraryUserDetailsService(LoginsService loginsService) {
this.loginsService = loginsService;
}
@Override
public UserDetails loadUserByUsername(String password, String userName) throws UsernameNotFoundException {
//Here you fetch, decrypt, and check that the password and username are correct
//WARNING: This is a really simple example, do not use this in your applications code
Optional<GrantedAcces> access =
libraryLoginsService.findUser(userName,password);
//I create a new user with the authorized role, this is store in the session
return new User(access.get().getUserName,access.get().getPassword(), Collections.singleton(new SimpleGrantedAuthority("ROLE_ADMIN")));
}