我已经开始使用grails 3并且使用spring启动启动器安全。 这是我的安全配置。如何在grails 3.x中禁用基本的http认证?
@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
class CustomSecurityConfig extends WebSecurityConfigurerAdapter{
CustomUserDetailsService userDetailsService
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder())
}
@Bean
CustomAuthenticationProvider authenticationProvider() {
CustomAuthenticationProvider provider = new CustomAuthenticationProvider();
return provider;
}
@Override
public void configure(WebSecurity web) throws Exception {
// This is here to ensure that the static content (JavaScript, CSS, etc)
// is accessible from the login page without authentication
web.ignoring().antMatchers("/assets/**");
web.ignoring().antMatchers("/views/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
println "configuring security"
http.httpBasic().disable()
http.authorizeRequests().expressionHandler()
http.formLogin().loginPage("/login").permitAll().and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/").deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
http.authorizeRequests().antMatchers("/").permitAll();
http.csrf().disable();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
你们看到有什么错误吗?有了这个配置,每当我打开我的根网址,它应该重定向到登录页面,不断要求弹出认证!任何想法如何解决? 干杯!
嗨MangEngkus,感谢您的回复和建议,我已经实施了,我发现这个问题,并张贴马上回复。 – 89n3ur0n