带有Spring安全性(5.0.7)基本身份验证的Spring MVC(5.0.8)不工作
我试图在我的SpringMVC应用程序中启用Spring安全性,该应用程序提供一些RESTWeb服务(Java8)。我的问题是,无论我做什么,授权根本不起作用。我可以在没有任何凭据的情况下访问我的REST端点。我使用本手册: Git repo和我的应用程序的完整代码如下: java如下所示带有Spring安全性(5.0.7)基本身份验证的Spring MVC(5.0.8)不工作,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我试图在我的SpringMVC应用程序中启用Spring安全性,该应用程序提供一些RESTWeb服务(Java8)。我的问题是,无论我做什么,授权根本不起作用。我可以在没有任何凭据的情况下访问我的REST端点。我使用本手册: Git repo和我的应用程序的完整代码如下: java如下所示 @EnableWebSecurity @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter {
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser(Secret.user).password("{noop}" + Secret.password).roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// http
// .csrf()
// .disable()
// .authorizeRequests().antMatchers("/**").permitAll()
// .anyRequest().authenticated()
// .and()
// .httpBasic()
// .realmName("test")
// .authenticationEntryPoint(new CustomAuthenticationEntryPoint());
http.authorizeRequests().anyRequest().denyAll();
}
}
AppConfig.java
@Configuration
@Import(SecurityConfig.class)
@EnableWebMvc
@EnableSpringDataWebSupport
@EnableTransactionManagement
@EnableJpaRepositories(basePackages = {"pl.jeleniagora.mks.dao.repository"})
@ComponentScan("pl.jeleniagora.mks")
public class AppConfig{
// beans and app config
}
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>MKS_JG_ONLINE</display-name>
<context-param>
<param-name>contextClass</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>pl.jeleniagora.mks.ws.config</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>rest</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<init-param>
<param-name>contextClass</param-name>
<param-value>
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>pl.jeleniagora.mks.ws.controllers</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>rest</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file />
</welcome-file-list>
</web-app>
MKS_JG_在线
上下文类
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
上下文配置位置
pl.jeleniagora.mks.ws.config
org.springframework.web.context.ContextLoaderListener
休息
org.springframework.web.servlet.DispatcherServlet
上下文类
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
上下文配置位置
pl.jeleniagora.mks.ws.controllers
1.
休息
/*
在调试模式下启动Tomcat 8.5时,我看到SecurityConfig加载(在configure和configureGlobal中的断点处停止执行)。我做错了什么?Spring安全性要求在安全配置旁边注册一个servlet过滤器 将以下内容添加到
web.xml
(已解释)
然后添加一个引导/配置Spring安全过滤器的过滤器
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
现在一切都是用Java配置的,您可以不用
web.xml
您没有在web.xml
中配置spring安全过滤器。应用安全性需要此筛选器。看见
public class MvcWebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
public Class<?>[] getServletConfigClasses() {
return new Class[] { WebConfig.class }; // or whatever it is called or return `null`
}
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
}
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }