这是我第一次使用Spring Boot安全REST应用程序。我已经为我的类路径添加了spring-boot-starter-security,并且我知道自动保护所有URL。但是在我的开发中的这一点上,我还没有准备好这么做,所以我添加了一个antMatcher来允许所有的URL。但不管如何我把我的WebSecurityConfig,我仍然得到一个错误信息:Spring Boot似乎没有看到我的网络安全配置
Full authentication is required to access this resource
下面是我WebSecurityConfig全面。还有什么我需要为Spring做些挑剔吗?如何验证它是否被使用?非常感谢!
package com.company.jwt.security;
import java.util.Properties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import com.company.jwt.UserUtils;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable().authorizeRequests()
.antMatchers("/**").permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder authBuilder) throws Exception {
authBuilder.userDetailsService(inMemoryUserDetailsManager());
}
@Bean
public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
Properties props = new Properties();
UserUtils.getUsers()
.forEach(e -> props.put(e.getUsername(), e.getPassword() + "," +
e.getAuthorities() + ", enabled"));
return new InMemoryUserDetailsManager(props);
}
}
尝试删除@EnableWebSecurity –
但我希望基础架构在那里。我不想禁用它来解决我的问题。 – user1660256
如果添加注释,Spring引导将关闭自动配置。请参阅链接:https://docs.spring.io/spring-boot/docs/current/reference/html/howto-security.html –