[英]Spring boot and Spring Security inMemoryAuthentication not working
I am trying to configure Spring boot with Spring security for an application. 我正在尝试为应用程序配置具有Spring安全性的Spring Boot。
However, inMemoryAuthentication()
seems to be not working and for every user I have below error: 但是, inMemoryAuthentication()
似乎不起作用,对于每个用户,我都有以下错误:
INFO 6964 --- [nio-8080-exec-6] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Fri Oct 16 19:09:41 IST 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
Below are the file configurations used: 以下是使用的文件配置:
SecurityConfig.java: SecurityConfig.java:
@Configuration
@EnableWebMvcSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure( WebSecurity web ) throws Exception
{
//
web
.ignoring()
.antMatchers( "/WEB-INF/jsp/**" );
}
@Autowired
public void configureGlobal( AuthenticationManagerBuilder auth ) throws Exception
{
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/homepage**").hasRole("USER")
.antMatchers("/index**").permitAll()
.antMatchers("/login**").permitAll()
.and()
.formLogin()
.loginPage( "/login" )
.loginProcessingUrl( "/login" )
.defaultSuccessUrl( "/index" );
http.csrf().disable();
}
Even application failed to login with given "user" and "password"; 甚至应用程序也无法使用给定的“用户”和“密码”登录;
Spring boot version: 1.2.6
Editor: STS
With reference to Debug logs, inMemoryAuthencated user is showing as Anonymous user: 参考调试日志,inMemoryAuthencated用户显示为匿名用户:
org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: **Principal: anonymousUser**; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB03A4C352FC0164A5A3F751E52A5421; **Granted Authorities: ROLE_ANONYMOUS**
Any insight? 有见识吗?
if you replace your custom login process with the auto-generated login page: 如果您将自定义登录过程替换为自动生成的登录页面:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/homepage**").hasRole("USER")
.antMatchers("/index**").permitAll()
.antMatchers("/login**").permitAll()
.and()
.formLogin();
//.loginPage( "/login" )
//.loginProcessingUrl( "/login" )
//.defaultSuccessUrl( "/index" );
http.csrf().disable();
}
does the error still occurs ? 错误仍然出现吗? if not, it seems to be a problem with your custom login process. 如果不是,则您的自定义登录过程似乎存在问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.