Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/backbone.js/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 未应用Spring安全配置_Java_Spring Security_Spring Security Rest - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 未应用Spring安全配置

Java 未应用Spring安全配置

java spring-security

Java 未应用Spring安全配置,java,spring-security,spring-security-rest,Java,Spring Security,Spring Security Rest,我有下面的配置,我需要为/api/v1/**端点配置HTTPBasic身份验证,我想为/users/url模式配置表单身份验证。当我使用以下配置运行时,web请求的配置工作正常,但API的配置不工作。没有应用任何安全性。我哪里做错了 @Configuration @EnableWebSecurity public class WebSecurityConfig { @Order(1) @Configuration public static class MVCSecur

我有下面的配置,我需要为
/api/v1/**
端点配置
HTTPBasic
身份验证,我想为
/users/
url模式配置
表单
身份验证。当我使用以下配置运行时,web请求的配置工作正常,但API的配置不工作。没有应用任何安全性。我哪里做错了

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Order(1)
    @Configuration
    public static class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Bean
        public BCryptPasswordEncoder getBCryptPasswordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.
                    antMatcher("/users/**")
                    .csrf()
                        .and()
                    .authorizeRequests()
                    .antMatchers(
                            "/resources/**", "/users/register", "/users/signup", "/users/confirm", "/users/user-action", "/users/reset-password", "/confirm", "/webjars/**")
                    .permitAll()
                    .antMatchers("/users/**")
                    .hasRole("USER")
                    .anyRequest()
                    .authenticated()
                    .and()
                    .formLogin().loginPage("/login").usernameParameter("username").passwordParameter("password");

            http
                    .authorizeRequests()
                    .antMatchers("/api/v1/users/**")
                    .hasRole("USER")
                    .anyRequest()
                    .authenticated()
                    .and()
                    .httpBasic();
        }
    }
我已将您的代码用于以下配置:

@EnableWebSecurity
public class SecurityConfiguration {

public class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.antMatcher("/api/v1/users/**")
           .authorizeRequests().anyRequest()
           .hasRole("USER").and().httpBasic();
    }

}

@Configuration
@Order(2)
public class MVCSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().and().authorizeRequests()
                .antMatchers("/resources/**", "/users/register", "/users/signup", "/users/confirm",
                        "/users/user-action", "/users/reset-password", "/confirm", "/webjars/**").permitAll()
        .antMatchers("/users/**").hasRole("USER")
        .and()
        .formLogin().usernameParameter("username").passwordParameter("password");
    }
}

}
查看文档和示例代码