Java 未应用Spring安全配置
我有下面的配置,我需要为Java 未应用Spring安全配置,java,spring-security,spring-security-rest,Java,Spring Security,Spring Security Rest,我有下面的配置,我需要为/api/v1/**端点配置HTTPBasic身份验证,我想为/users/url模式配置表单身份验证。当我使用以下配置运行时,web请求的配置工作正常,但API的配置不工作。没有应用任何安全性。我哪里做错了 @Configuration @EnableWebSecurity public class WebSecurityConfig { @Order(1) @Configuration public static class MVCSecur
/api/v1/**
端点配置HTTPBasic
身份验证,我想为/users/
url模式配置表单
身份验证。当我使用以下配置运行时,web请求的配置工作正常,但API的配置不工作。没有应用任何安全性。我哪里做错了
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Order(1)
@Configuration
public static class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder getBCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
antMatcher("/users/**")
.csrf()
.and()
.authorizeRequests()
.antMatchers(
"/resources/**", "/users/register", "/users/signup", "/users/confirm", "/users/user-action", "/users/reset-password", "/confirm", "/webjars/**")
.permitAll()
.antMatchers("/users/**")
.hasRole("USER")
.anyRequest()
.authenticated()
.and()
.formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password");
http
.authorizeRequests()
.antMatchers("/api/v1/users/**")
.hasRole("USER")
.anyRequest()
.authenticated()
.and()
.httpBasic();
}
}
我已将您的代码用于以下配置:
@EnableWebSecurity
public class SecurityConfiguration {
public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/api/v1/users/**")
.authorizeRequests().anyRequest()
.hasRole("USER").and().httpBasic();
}
}
@Configuration
@Order(2)
public class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().and().authorizeRequests()
.antMatchers("/resources/**", "/users/register", "/users/signup", "/users/confirm",
"/users/user-action", "/users/reset-password", "/confirm", "/webjars/**").permitAll()
.antMatchers("/users/**").hasRole("USER")
.and()
.formLogin().usernameParameter("username").passwordParameter("password");
}
}
}
查看文档和示例代码