0
我需要幫助解決此問題... 我無法在我的安全配置文件中保護我的控制器。但我可以用授權角色Spring引導Oauth2〜Restful API
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
做,在我的控制,但是這實在是煩人,我想從我的安全的conf做到這一點。文件
這是我WebSecurityconfigurerAdapter:
@Configuration
//@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled = false)
//@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
//@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider customAuthenticationProvider;
@Autowired
CustomUserDetailsService cuds;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(cuds)
.passwordEncoder(passwordEncoder())
.and()
.authenticationProvider(customAuthenticationProvider);
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/**").authenticated()
.antMatchers("/test").authenticated()
.antMatchers("/usuarios/**").hasRole("ADMIN");
}
}
,這是我Oauth2Configuration:
@Configuration
public class Oauth2Configuration {
private static final String RESOURCE_ID = "restservice";
@Configuration
@EnableResourceServer
protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Autowired
private CustomLogoutSuccessHandler customLogoutSuccessHandler;
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources
.resourceId(RESOURCE_ID);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
// Logout
.logout()
.logoutUrl("/oauth/logout")
.logoutSuccessHandler(customLogoutSuccessHandler)
.and()
//Session management
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
//URI's to verify
.authorizeRequests()
.antMatchers("/oauth/logout").permitAll()
.antMatchers("/**").authenticated()
.antMatchers("/usuarios/**").hasRole("ADMIN");
}
}
我試圖使用權限和角色,但是沒有什麼工作。一些想法我做錯了什麼?
也許是訂購的問題?如果你把 '.antMatchers(「/ usuarios/**」)。hasRole(「ADMIN」)' 之前 '.antMatchers(「/ **」)。authenticated()' –
男人,我愛你! !哈哈,是這個命令的問題 –