我是Spring Security的新手,所以我可能会错过某些东西。我有一个Spring应用程序,该应用程序使用我希望使用Spring Security来保护的WebApplication来启动一个Jetty。该webapp正在运行并可以访问,但不受限制。我尝试了很多东西,但没有任何工作,所以我把它分解为一个最小的设置,但仍然没有机会。 web应用程序由以下Java配置配置:无法让Spring Security工作
@EnableWebMvc
@Configuration
@Import(SecurityConfiguration.class)
@ComponentScan(useDefaultFilters = false, basePackages = { "myapp.web" }, includeFilters = { @ComponentScan.Filter(Controller.class) })
public class SpringMvcConfiguration extends WebMvcConfigurerAdapter {
/**
* Allow the default servlet to serve static files from the webapp root.
*/
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
和Spring安全以下配置:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user")
.password("password")
.roles("ADMIN")
.authorities("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest()
.hasAuthority("ADMIN");
}
}
和一些控制是这样的:
@Controller
public class SecuredController {
@RequestMapping(value = "/secure", method = RequestMethod.GET)
@ResponseBody
public String secured() {
return "you should not see this unless you provide authentication";
}
}
一切始于了所有的权利,日志告诉我,控制器映射...
[2014-10-01 20:21:29,538, INFO ] [main] mvc.method.annotation.RequestMappingHandlerMapping:197 - Mapped "{[/secure],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String myapp.web.SecuredController.secured()
...和安全到位,以及...
[2014-10-01 20:21:30,298, INFO ] [main] gframework.security.web.DefaultSecurityFilterChain:28 - Creating filter chain: [email protected]1, [org.springframework.secu[email protected]352c308, org.spring[email protected]2af616d3, [email protected]935, [email protected], org.[email protected]bc57b40, org.sp[email protected]3deb2326, org.springframework.[email protected]7889a1ac, org.springfram[email protected]7d373bcf, o[email protected]5922ae77, org[email protected]7e1a1da6, org.springfr[email protected]1051817b]
...但/secure
URL我的控制器是无条件地到达。我究竟做错了什么?
ps。我想避免xml配置
仍然没有成功... – Ole 2014-10-01 20:47:36