1
我想爲應用程序的Spring安全配置Spring引導。春季啓動和彈簧安全inMemoryAuthentication不能正常工作
然而,inMemoryAuthentication()
似乎沒有工作,爲每一位用戶我有以下錯誤:
INFO 6964 --- [nio-8080-exec-6] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Fri Oct 16 19:09:41 IST 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
下面是使用的文件配置:
SecurityConfig.java:
@Configuration
@EnableWebMvcSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception
{
//
web
.ignoring()
.antMatchers("/WEB-INF/jsp/**");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/homepage**").hasRole("USER")
.antMatchers("/index**").permitAll()
.antMatchers("/login**").permitAll()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/index");
http.csrf().disable();
}
即使應用程序未能用給定的「用戶」和「密碼」登錄;
Spring boot version: 1.2.6
Editor: STS
參照調試日誌,inMemoryAuthencated用戶被示出作爲匿名用戶:
org.sprin[email protected]90576bf4: **Principal: anonymousUser**; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB03A4C352FC0164A5A3F751E52A5421; **Granted Authorities: ROLE_ANONYMOUS**
任何瞭解?
你的配置說'homepage'是一個登錄頁面,但用戶需要有角色'USER'才能訪問它? – jny
@jny,我編輯過,我認爲這不是導致問題 –