无法覆盖 spring 引导安全
[英]Unable to override spring boot security
问题描述
I'm trying to override the Spring Boot security configurations.
我正在尝试覆盖 Spring 引导安全配置。 But every time I try to access any URL it gives me the default spring security login page.但是每次我尝试访问任何 URL 时,它都会给我默认的 spring 安全登录页面。 And also I'm trying to use REST API.而且我正在尝试使用 REST API。 Here is my attempt.这是我的尝试。 Please help me resolve the issue.请帮我解决问题。 Thank You.谢谢你。
Here is my pom.xml这是我的 pom.xml
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.1.RELEASE</version>
<relativePath/>
</parent>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
Here is my Main class这是我的主要 class
@SpringBootApplication(exclude = {
SecurityAutoConfiguration.class
})
public class ApiGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ApiGatewayApplication.class, args);
}
}
SecurityConfig.class安全配置.class
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("*"));
configuration.setAllowedMethods(Arrays.asList("*"));
configuration.setAllowedHeaders(Arrays.asList("*"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/greetings").permitAll()
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
}
MyController.class我的控制器.class
@RestController
@RequestMapping
public class MyController {
@GetMapping("/greetings")
public String greetings(){
return "Hello World!";
}
}
I also add a property into properties.yml.我还在 properties.yml 中添加了一个属性。
spring:
main:
allow-bean-definition-overriding: true
Stuck into Login Page.卡在登录页面。
localhost:8080/greetings redirect me to localhost:8080/login every time. localhost:8080/greetings 每次都将我重定向到 localhost:8080/login。
2 个解决方案
解决方案1
0 2020-06-18 05:40:09
you can use java based configuration like this您可以像这样使用基于 java 的配置
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity security) throws Exception
{
security.httpBasic().disable();
}
}
or you can simply add in your configure method或者您可以简单地添加您的配置方法
.formLogin().disable()
or you can add in you application.properties file or application.yml或者您可以添加您的application.properties文件或 application.yml
security.basic.enabled=false
解决方案2
0 2020-06-18 08:33:33
As Spring secures each and every request by default when we enable spring security.当我们启用 spring 安全性时,默认情况下 Spring 会保护每个请求。 once if we override the configure method every request has to be handled by the user itself.一次,如果我们覆盖配置方法,每个请求都必须由用户自己处理。
@Override protected void configure(HttpSecurity http) throws Exception { @Override protected void configure(HttpSecurity http) 抛出异常 {
http.cors().and()
.csrf().disable()
.authorizeRequests()
.antMatchers("/greetings").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
include.anyRequest().authenticated() it may works. include.anyRequest().authenticated() 它可能有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.