stackoom
  简体   繁体   中英

Spring Boot 2 security basic authentication

 原文  2018-03-28 20:14:21       java/ spring/ spring-boot/ spring-security

Question

Why following basic security configurations do not apply inMemoryAuthentication() clause? 

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .httpBasic()
            .and()
            .authorizeRequests()
            .anyRequest().authenticated();
        super.configure(http);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("username").password("password");
        super.configure(auth);
    }

}

After the application initialization, there is still only default user generated by Spring itself, there is no such user like username .

2 answers

solution1
 4 ACCPTED  2018-03-28 23:22:52

Do not call super method from void configure(AuthenticationManagerBuilder auth) . It sets disableLocalConfigureAuthenticationBldr flag to true that leads to your AuthenticationManagerBuilder being ignored. Finally your void configure(AuthenticationManagerBuilder auth) method should look like this: 

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
            .withUser("username").password("password").roles("USER");
}

solution2
 4  2018-05-14 08:26:51

In spring boot 2.x, you will have to implement your own UserDetailsService , as described here and here

Example: 

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger log = LogManager.getLogger();

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Note: 
        // Use this to enable the tomcat basic authentication (tomcat popup rather than spring login page)
        // Note that the CSRf token is disabled for all requests
        log.info("Disabling CSRF, enabling basic authentication...");
        http
        .authorizeRequests()
            .antMatchers("/**").authenticated() // These urls are allowed by any authenticated user
        .and()
            .httpBasic();
        http.csrf().disable();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // Get the user credentials from the console (or any other source): 
        String username = ...
        String password = ...

        // Set the inMemoryAuthentication object with the given credentials:
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        String encodedPassword = passwordEncoder().encode(password);
        manager.createUser(User.withUsername(username).password(encodedPassword).roles("USER").build());
        return manager;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring Boot Security -Basic Authentication Why is Spring boot Security Basic Authentication slow? Spring Boot Security JDBC Basic Authentication Failure Spring boot security REST basic authentication from database Spring Security Rest Basic authentication Spring Security HTTP Basic Authentication Spring boot custom Basic authentication spring boot basic authentication not work Database authentication in spring boot security Spring Boot Security LDAP authentication
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM