Spring引導ServeletInitializer和Spring Security

Question

我有2個配置文件。一個是春季啓動應用程序

@SpringBootApplication 
public class Application extends SpringBootServletInitializer { 

    public static void main(String[] args) { 
     ApplicationContext ctx = SpringApplication.run(Application.class, args); 
    } 

    @Override 
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { 
     return application.sources(Application.class); 
    } 
    ... 
    } 

和彈簧安全配置。它看起來不起作用。每當我訪問本地主機：8080它要求我的用戶名和密碼。我相信我在auth.inMemoryAuthentication().withUser("user").password("password").roles("USER")

@Configuration 
@EnableWebSecurity 
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter{ 
    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth 
      .inMemoryAuthentication() 
      .withUser("user").password("password").roles("USER"); 
    } 
} 

配置，但它顯示無效的憑證，反正是有驗證此？

編輯：我試圖將此xml配置轉換爲基於JavaConfig但仍然無濟於事。

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
      xmlns:beans="http://www.springframework.org/schema/beans" 
      xmlns:context="http://www.springframework.org/schema/context" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security.xsd 
      http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd"> 

    <context:component-scan base-package="org.app.genesis.client.auth"/> 

    <http pattern="/resources/**" security="none"/> 
    <http pattern="/index.jsp" security="none"/> 

    <http> 
     <intercept-url pattern="/api/*" requires-channel="https"/> 
     <!--TODO Add RESOURCE PATTERN checker --> 
     <form-login login-page="/index.jsp" default-target-url="/dashboard"/> 
     <logout /> 
    </http> 

    <!-- Test Login values --> 
    <authentication-manager> 
     <!--use inMemoryUserDetailsService for faux auth --> 
     <authentication-provider ref="customAuthenticationProvider"/> 
    </authentication-manager> 
</beans:beans> 

，這裏是我的新SecurityConfig

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 


    @Autowired 
    private TenantDetailsService tenantUserDetailsService; 

    @Autowired 
    private PasswordEncryptionService passwordEncoder; 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(tenantUserDetailsService).passwordEncoder(passwordEncoder); 
    } 

    @Override 
    public void configure(HttpSecurity http) throws Exception { 
     http.formLogin().loginPage("/index.jsp").defaultSuccessUrl("/dashboard"); 
    } 
} 

安全-config.xml中

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security" 
      xmlns:beans="http://www.springframework.org/schema/beans" 
      xmlns:context="http://www.springframework.org/schema/context" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security.xsd 
      http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd"> 

    <context:component-scan base-package="org.brightworks.genesis.client.auth"/> 

    <http pattern="/resources/**" security="none"/> 
    <http pattern="/index.jsp" security="none"/> 

    <http> 
     <intercept-url pattern="/api/*" requires-channel="https"/> 
     <!--TODO Add RESOURCE PATTERN checker --> 
     <form-login login-page="/index.jsp" default-target-url="/dashboard"/> 
     <logout /> 
    </http> 

    <!-- Test Login values --> 
    <authentication-manager> 
     <!--use inMemoryUserDetailsService for faux auth --> 
     <authentication-provider ref="customAuthenticationProvider"/> 
    </authentication-manager> 
</beans:beans> 

Answer 1

如果你想使用自己的身份驗證版本。首先禁用彈簧靴彈簧安全配置。把這個添加到你的application.properties中。

security.basic.enabled=false 

並將您的http配置更改爲此。

@Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
      .authorizeRequests() 
      .antMatchers("/**") 
      .hasAnyRole("ROLE1","ROLE2") 
      .and() 
      .formLogin() 
      .loginPage("/login") 
      .loginProcessingUrl("/j_spring_security_check") 
      .defaultSuccessUrl("/product/search", true) 
      .permitAll() 
      .and() 
      .csrf() 
      .disable() 
      .logout() 
      .logoutUrl("/j_spring_security_logout") 
      .logoutSuccessUrl("/login"); 
    } 

符合這種登錄表單

<form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST"> 
    <fieldset> 
      <input class="form-control form-group" type="text" name="username" placeholder="Username"> 
      <input class="form-control" type="password" name="password" placeholder="Password" > 
      <a class="forgot pull-right" href="#">Forgot password?</a> 
      <button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button> 
    </fieldset> 
</form> 

假設頁面登錄頁面說的配置是「/登錄」你說的POST請求，一個是j_spring_security_check。因此，loginProcessingUrl設置爲

j_spring_security_check 

Answer 2

隨着auth.inMemoryAuthentication（），你只定義一個用戶及其證書。 如果你想使用這些，你必須告訴Spring Boot不要創建它自己的默認值。 Spring Boot的默認設置是「用戶」，並且它在運行應用程序時顯示在控制檯中的密碼。 您可以自行設定默認憑據application.properties文件中，就像這樣：

security.user.name=user 
security.user.password=password 
management.security.role=USER