Spring Security configuration in Spring Boot
I am converting a Spring 3 project to Spring 4 + Spring Boot. I don't know yet whether this is the right thing to do. I converted the Spring Security XML configuration to a Java-based configuration, as follows:

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/", "/home").permitAll()
                    .anyRequest().authenticated();
            http.formLogin()
                    .defaultSuccessUrl("/afterLogin")
                    .loginPage("/profiles/lognin/form")
                    .failureUrl("/accessDenied")
                    .and()
                    .authorizeRequests()
                    .regexMatchers("....")
                    .hasRole("ROLE_USER")
                    .antMatchers("....")
                    .hasRole("ROLE_USER")
                    //....
                    ;
        }

        @Override
        protected void configure(AuthenticationManagerBuilder authManagerBuilder)
                throws Exception {
            authManagerBuilder.authenticationProvider(this.getDaoAuthenticationProvider());
        }
        // ....
    }

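When I hit the home page URL, I get the Spring Security default login popup. It seems to me that the configuration above did not take effect, and that the default Spring Security configuration in Spring Boot did. If so, how do I override the default?

I found the answer. I need to create a file named application.properties with the following line:

    security.basic.enabled=false

and put this file under src/main/resource. That's it.

Configure Spring like this:
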
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
            .and()
            .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
            .exceptionHandling()
            .and()
            .rememberMe()
            .and()
            .formLogin()
            .loginProcessingUrl("/user") // write the REST API here.
            //.usernameParameter("username")
            //.passwordParameter("password")
            .permitAll()
            .and()
            .logout()
            //.logoutUrl("/api/logout")
            //.deleteCookies("JSESSIONID", "CSRF-TOKEN")
            .permitAll()
            .and()
            .headers()
            .frameOptions()
            .disable()
            .authorizeRequests()
            .antMatchers("/login").permitAll()
            .antMatchers("/#/dashboard/home").permitAll()
            ;
    }
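
The question's configuration written as a single rule chain, as an added example that is not part of the original question or answers. It assumes Spring Security 4 as in the question, where rules are checked in declaration order (first match wins) and hasRole() prepends ROLE_ itself; the two USER-only patterns and the in-memory user are hypothetical stand-ins for the elided "...." matchers and the asker's DAO provider.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Public pages first.
                .antMatchers("/", "/home").permitAll()
                // Hypothetical patterns standing in for the "...." in the question.
                // hasRole("USER") checks for the authority ROLE_USER.
                .regexMatchers("/reports/[0-9]+").hasRole("USER")
                .antMatchers("/account/**").hasRole("USER")
                // Catch-all last: a rule declared after anyRequest() is never reached.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/profiles/lognin/form")
                .defaultSuccessUrl("/afterLogin")
                .failureUrl("/accessDenied")
                // Lets unauthenticated users reach the login page and failure URL.
                .permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Constructed demo user; replaces the asker's DAO provider, which the page does not show.
        auth.inMemoryAuthentication()
            .withUser("demo").password("change-me").roles("USER");
    }
}
```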