1
我想为应用程序的Spring安全配置Spring引导。春季启动和弹簧安全inMemoryAuthentication不能正常工作
然而,inMemoryAuthentication()
似乎没有工作,为每一位用户我有以下错误:
INFO 6964 --- [nio-8080-exec-6] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Fri Oct 16 19:09:41 IST 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
下面是使用的文件配置:
SecurityConfig.java:
@Configuration
@EnableWebMvcSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception
{
//
web
.ignoring()
.antMatchers("/WEB-INF/jsp/**");
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/homepage**").hasRole("USER")
.antMatchers("/index**").permitAll()
.antMatchers("/login**").permitAll()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/index");
http.csrf().disable();
}
即使应用程序未能用给定的“用户”和“密码”登录;
Spring boot version: 1.2.6
Editor: STS
参照调试日志,inMemoryAuthencated用户被示出作为匿名用户:
org.sprin[email protected]90576bf4: **Principal: anonymousUser**; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB03A4C352FC0164A5A3F751E52A5421; **Granted Authorities: ROLE_ANONYMOUS**
任何了解?
你的配置说'homepage'是一个登录页面,但用户需要有角色'USER'才能访问它? – jny
@jny,我编辑过,我认为这不是导致问题 –