Spring Boot 2安全基本认证

本文介绍了Spring Boot 2安全基本认证的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

为什么以下基本安全配置不适用于MEMoryAuthentication（）子句？

Why following basic security configurations do not apply inMemoryAuthentication() clause?

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .httpBasic()
            .and()
            .authorizeRequests()
            .anyRequest().authenticated();
        super.configure(http);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("username").password("password");
        super.configure(auth);
    }

}

应用程序初始化后，有仍然只是由Spring生成的默认用户，没有像用户名这样的用户。

After the application initialization, there is still only default user generated by Spring itself, there is no such user like username.

推荐答案

不要从 void configure（AuthenticationManagerBuilder auth）调用super方法。它将 disableLocalConfigureAuthenticationBldr 标记设置为 true ，它将导致您的 AuthenticationManagerBuilder 被忽略了。最后你的 void configure（AuthenticationManagerBuilder auth）方法应如下所示：

Do not call super method from void configure(AuthenticationManagerBuilder auth). It sets disableLocalConfigureAuthenticationBldr flag to true that leads to your AuthenticationManagerBuilder being ignored. Finally your void configure(AuthenticationManagerBuilder auth) method should look like this:

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
            .withUser("username").password("password").roles("USER");
}

这篇关于Spring Boot 2安全基本认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！