Spring boot Spring引导,Spring安全性-基于XML的配置
Spring Boot 2.3.4,Spring安全,保护REST控制器(端点) 我有一个带有Java配置类的解决方案,但现在我有了使用XML的任务Spring boot Spring引导,Spring安全性-基于XML的配置,spring-boot,spring-security,Spring Boot,Spring Security,Spring Boot 2.3.4,Spring安全,保护REST控制器(端点) 我有一个带有Java配置类的解决方案,但现在我有了使用XML的任务 public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public static final String USER = "USER"; public static final String ADMIN = "ADMI
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static final String USER = "USER";
public static final String ADMIN = "ADMIN";
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("{noop}" + "user123")
.roles(USER)
.and()
.withUser("admin")
.password("{noop}" + "admin456")
.roles(ADMIN, USER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/", "/login").permitAll()
.antMatchers("/path1/**").hasRole(ADMIN)
.antMatchers("/path2/**").hasRole(USER)
.antMatchers(HttpMethod.DELETE, "/path3/{name}").hasRole(ADMIN)
.antMatchers(HttpMethod.GET, "/path3/{name}").hasRole(USER)
// more antMatchers...
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.formLogin().disable();
}
}
以前从未进行过基于XML的配置,这一定是以前做过很多的事情。无论如何,我得到了用XML完成这项任务的机会
我不知道怎么做。
需要哪些部分,只是XML文件,还是Java配置文件(如WebSecurityConfig.Java)?我尝试了以下方法
WebSecurityConfig.java
@Configuration
@ImportResource({ "classpath:webSecurityConfig.xml" })
public class WebSecurityConfig {
public WebSecurityConfig() {
super();
}
}
webSecurityConfig.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<http create-session="stateless" use-expressions="true">
<intercept-url pattern="/" access="permitAll()"/>
<intercept-url pattern="/login" access="permitAll()"/>
<intercept-url pattern="/path1/**" access="hasAuthority('ROLE_ADMIN')"/>
<intercept-url pattern="/path2/**" access="hasAuthority('ROLE_USER')"/>
<intercept-url method="DELETE" pattern="/path3/{name}" access="hasAuthority('ROLE_ADMIN')"/>
<intercept-url method="GET" pattern="/path3/{name}" access="hasAuthority('ROLE_USER')"/>
<http-basic/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user" password="{noop}user123" authorities="ROLE_USER"/>
<user name="admin" password="{noop}admin456" authorities="ROLE_USER,ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
不确定是哪里出了问题或遗漏了什么。到目前为止,谷歌的帮助不大。请查看并
***************************
APPLICATION FAILED TO START
***************************
Description:
Parameter 0 of method setObjectPostProcessor in org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter required a bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor' that could not be found.
Action:
Consider defining a bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor' in your configuration.