Springboot配置security basic path無效的解決方法
Springboot配置security basic path無效的解決方法����?很多新手對此不是很清楚��,為了幫助大家解決這個難題�����,下面小編將為大家詳細講解�����,有這方面需求的人可以來學習下��,希望你能有所收獲�。
問題
springcloud 版本 為 Finchley.RELEASE
springboot 版本為 2.0.3.RELEASE
現在有需求�,/swagger-ui.html 頁面需要添加登錄認證��,但是本來的接口不需要登錄認證
升級springboot之前的做法是直接在application.yml 文件中添加以下配置:
security:
basic:
enabled: true # 啟用SpringSecurity的安全配置項
path: /swagger-ui.html
user:
name: aijianzi # 認證用戶名
password: course # 認證密碼
role: # 授權角色
- USER
升級后這種配置就出錯了����,連編譯都出錯���,如下圖:
解決過程
查找源代碼���,找到如下:
來自:https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Migration-Guide
Security
Spring Boot 2 greatly simplifies the default security configuration and makes adding custom security easy. Rather than having several security-related auto-configurations, Spring Boot now has a single behavior that backs off as soon as you add your own WebSecurityConfigurerAdapter.
You are affected if you were using any of the following properties:
security.basic.authorize-mode
security.basic.enabled
security.basic.path
security.basic.realm
security.enable-csrf
security.headers.cache
security.headers.content-security-policy
security.headers.content-security-policy-mode
security.headers.content-type
security.headers.frame
security.headers.hsts
security.headers.xss
security.ignored
security.require-ssl
security.sessions
翻譯:Spring Boot 2極大地簡化了默認的安全配置�����,并使添加定制安全性變得更加容易���。Spring Boot并沒有使用幾個與安全相關的自動配置�,而是在添加自己的WebSecurityConfigurerAdapter時就有了一個單獨的行為����。如果您使用以下屬性���,您將受到影響
再找到:https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-Security-2.0
Security Auto-configuration
Spring Boot 2.0 does not provide separate auto-configuration for user-defined endpoints and actuator endpoints. When Spring Security is on the classpath, the auto-configuration secures all endpoints by default. It adds the @EnableWebSecurity annotation and relies on Spring Security's content-negotiation strategy to determine whether to use httpBasic or formLogin. A user with a a default username and generated password is added, which can be used to login.
翻譯:Spring Boot 2.0沒有為用戶定義的端點和執行器端點提供單獨的自動配置��。當Spring Security在類路徑上時���,自動配置默認為所有端點����。它添加了@EnableWebSecurity 注釋�����,并依賴于Spring Security的內容協商策略來決定是否使用httpBasic或formLogin���。添加了一個默認用戶名和生成密碼的用戶�����,這可以用來登錄����。
解決
對于不同的URL��,安全性是不同的�����,關鍵在于重載WebSecurityConfigurerAdapter 類的configure(HttpSecurity) 方法�����。具體可以參考以上的兩個鏈接
我的完整實現如下:
1�、pom.xml 中添加依賴:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
2���、application.yml 文件中配置登錄用戶名和密碼(如果只到這里��,那么所有的請求都會被攔截)
spring:
security:
user:
name: admin
password: admin
3����、添加自定義的配置類�,注解@Configuration @EnableWebSecurity
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @author jiashubing
* @since 2018/7/16
*/
@Configuration
@EnableWebSecurity
public class ActuatorWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
//普通的接口不需要校驗
.antMatchers("/courseApi/**").permitAll()
// swagger頁面需要添加登錄校驗
.antMatchers("/swagger-ui.html").authenticated()
.and()
.formLogin();
}
}看完上述內容是否對您有幫助呢��?如果還想對相關知識有進一步的了解或閱讀更多相關文章�����,請關注億速云行業資訊頻道�����,感謝您對億速云的支持����。
