Spring security Spring Boot + Security:多HTTP Web配置
我试图用 Spring Boot 和 Spring Security 做一个示例。我的想法是创建一个 Web 应用程序,同时提供一个 API,并且希望两者都受到安全保护;因此,我需要创建多个 HTTP Web 安全配置,但它不起作用。我参照了这个链接,但没有成功,得到了如下错误:创建名为“webSecurityConfiguration”的 bean 时出错:自动装配依赖项的注入失败;嵌套异常为 java.lang.IllegalStateException:无法将 org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer 应用于已构建的对象(Cannot apply … to already built object)。我使用的配置如下所示:
标签:spring-security,spring-boot
/**
 * Security configuration for an application that exposes both a REST API and
 * a browser-facing site, each with its own {@code HttpSecurity} rules.
 *
 * <p>Two nested adapters are declared: {@code @Order(1)} is scoped to
 * {@code /api/**}, and {@code @Order(2)} has no path restriction and so
 * handles the remaining requests. {@code securedEnabled = true} turns on
 * {@code @Secured} method-level checks.
 *
 * <p>NOTE(review): the question on this page reports that this exact class
 * fails at startup with {@code IllegalStateException} ("Cannot apply ...
 * InMemoryUserDetailsManagerConfigurer ... to already built object"); a later
 * answer on the page reports that {@code @EnableWebSecurity} resolved it.
 */
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalAuthentication
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfiguration {

    /**
     * Registers two in-memory accounts on the shared authentication builder.
     *
     * @param auth builder the accounts are registered on
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Sample credentials only: both accounts share one literal password that
        // lives in source control, and no password encoder is configured here.
        // A deployed system should load users from an external store and compare
        // against a salted, adaptive hash instead.
        auth.inMemoryAuthentication()
                .withUser("user").password("12345").roles("USER")
                .and()
                .withUser("admin").password("12345").roles("USER", "ADMIN");
    }

    /**
     * Rules for the REST API: every request under {@code /api/**} requires the
     * ADMIN role and authenticates with HTTP Basic.
     */
    @Configuration
    @Order(1)
    public static class ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

        /**
         * Builds the API rules.
         *
         * @param http security builder for this adapter
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Restrict this adapter to API paths; other URLs fall through to
            // the @Order(2) adapter.
            http.antMatcher("/api/**");

            http.authorizeRequests().anyRequest().hasRole("ADMIN");

            // Basic auth sends the credentials on every request, so it is only
            // safe over TLS; nothing in this class enforces HTTPS.
            http.httpBasic();
        }
    }

    /**
     * Rules for the browser-facing site: form login, with the landing pages
     * open to anonymous users.
     */
    @Configuration
    @Order(2)
    public static class WebConfigurationAdapter extends WebSecurityConfigurerAdapter {

        /**
         * Excludes static resources from Spring Security processing.
         *
         * @param web web-level security builder
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(WebSecurity web) throws Exception {
            // Ignored paths skip the security filters entirely (no authentication,
            // no security response headers), so only public static assets
            // should ever be served from /resources/**.
            web.ignoring().antMatchers("/resources/**");
        }

        /**
         * Builds the site rules.
         *
         * @param http security builder for this adapter
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Only "/" and "/home" are public; everything else needs a login.
            http.authorizeRequests()
                    .antMatchers("/", "/home").permitAll()
                    .anyRequest().authenticated();

            // The login page itself must be reachable without authentication.
            http.formLogin().loginPage("/login").permitAll();

            // CSRF protection is not disabled here, so the framework default applies.
            http.logout().permitAll();
        }
    }
}
提前谢谢。
我也面临同样的问题。但是当我让主类 WebSecurityConfiguration 继承 WebSecurityConfigurerAdapter 后,问题就解决了。请参阅下面的 Stack Overflow 帖子,您可以在其中找到完整的配置。
经过大量阅读,我发现了一些适合我的东西:
/**
 * Security configuration with two filter chains: a stateless, token-based
 * chain for {@code /api/**} and a form-login chain for the rest of the site.
 * Users come from the injected {@code customUserDetailsService}.
 */
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfiguration extends GlobalAuthenticationConfigurerAdapter {

    @Resource(name = "customUserDetailsService")
    protected CustomUserDetailsService customUserDetailsService;

    // NOTE(review): not referenced anywhere in the visible code; confirm it is still needed.
    @Resource
    private DataSource dataSource;

    /**
     * Registers the custom user lookup on the shared authentication builder.
     *
     * @param auth builder the user-details service is registered on
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): no password encoder is set on this builder; confirm how
        // CustomUserDetailsService stores and compares passwords.
        auth.userDetailsService(customUserDetailsService);
    }

    /**
     * Rules for the REST API: stateless, token-authenticated, ADMIN only,
     * except for the login endpoint.
     */
    @Configuration
    @Order(1)
    public static class ApiConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Resource(name = "restUnauthorizedEntryPoint")
        private RestUnauthorizedEntryPoint restUnauthorizedEntryPoint;

        @Resource(name = "restAccessDeniedHandler")
        private RestAccessDeniedHandler restAccessDeniedHandler;

        /**
         * Builds the API rules.
         *
         * @param http security builder for this adapter
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Created first, exactly as before, so the user-details lookup is
            // resolved ahead of any HttpSecurity configuration.
            SecurityConfigurer<DefaultSecurityFilterChain, HttpSecurity> tokenConfigurer =
                    new XAuthTokenConfigurer(userDetailsServiceBean());

            // CSRF protection is switched off for the API. That is sound only while
            // the credential is something a browser never attaches on its own.
            // NOTE(review): presumably XAuthTokenConfigurer reads a request header
            // rather than a cookie; confirm.
            http.antMatcher("/api/**").csrf().disable();

            // No HTTP session is created or used; each request must authenticate.
            http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

            // REST-specific handlers for unauthenticated and forbidden requests.
            http.exceptionHandling()
                    .authenticationEntryPoint(restUnauthorizedEntryPoint)
                    .accessDeniedHandler(restAccessDeniedHandler);

            // The login endpoint is the only unauthenticated API route. Nothing in
            // this configuration throttles it, so lockout or rate limiting has to
            // be provided elsewhere.
            http.authorizeRequests()
                    .antMatchers(HttpMethod.POST, "/api/authenticate").permitAll()
                    .anyRequest().hasRole("ADMIN");

            http.apply(tokenConfigurer);
        }
    }

    /**
     * Rules for the browser-facing site: form login, with the landing pages
     * open to anonymous users.
     */
    @Configuration
    @Order(2)
    public static class WebConfigurationAdapter extends WebSecurityConfigurerAdapter {

        /**
         * Builds the site rules.
         *
         * @param http security builder for this adapter
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // Only "/" and "/home" are public; everything else needs a login.
            http.authorizeRequests()
                    .antMatchers("/", "/home").permitAll()
                    .anyRequest().authenticated();

            // The login page itself must be reachable without authentication.
            http.formLogin().loginPage("/login").permitAll();

            // CSRF protection is not disabled on this chain, so the framework
            // default applies.
            http.logout().permitAll();
        }
    }
}
@配置
@顺序(SecurityProperty.ACCESS\u OVERRIDE\u顺序)
@EnableGlobalMethodSecurity(securedEnabled=true)
公共类WebSecurity配置扩展了GlobalAuthenticationConfigurerAdapter{
@资源(name=“customUserDetailsService”)
受保护的CustomUserDetails服务CustomUserDetails服务;
@资源
私有数据源;
@自动连线
受保护的无效配置全局(AuthenticationManagerBuilder auth)引发异常{
auth.userDetailsService(customUserDetailsService);
}
@配置
@订单(1)
公共静态类ApiConfigurationAdapter扩展了WebSecurity配置适配器{
@资源(name=“restUnauthorizedEntryPoint”)
私人餐厅UnauthorizedEntryPoint餐厅UnauthorizedEntryPoint;
@资源(name=“restAccessDeniedHandler”)
私有RestAccessDeniedHandler RestAccessDeniedHandler;
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
SecurityConfigurer securityXAuthConfigurerAdapter=新XAuthTokenConfigurer(
userDetailsServiceBean());
//@formatter:off
http
.antMatcher(“/api/**”).csrf().disable()
.sessionManagement().sessionCreationPolicy(sessionCreationPolicy.STATELESS)
.及()
.例外处理()
.authenticationEntryPoint(restUnauthorizedEntryPoint)
.accessDeniedHandler(restAccessDeniedHandler)
.及()
.授权请求()
.antMatchers(HttpMethod.POST,“/api/authenticate”).permitAll()
.anyRequest().hasRole(“管理员”)
.及()
.应用(securityXAuthConfigurerAdapter);
//@formatter:on
}
}
@配置
@订单(2)
公共静态类WebConfigurationAdapter扩展了WebSecurity配置适配器{
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
//@formatter:off
http
.授权请求()
.antMatchers(“/”,“/home”).permitAll()
.anyRequest().authenticated()
.及()
.formLogin()
.loginPage(“/login”).permitAll()
.及()
.logout().permitAll()
;
//@formatter:on
}
}
}
阅读此提示后,我发现可以使用 @EnableWebSecurity: