使用Spring Security Java配置时禁用基本身份验证
我正在尝试使用Spring Security Java配置保护Web应用程序.
I am trying to secure a web application using Spring Security java configuration.
这是配置的外观:-
@Configuration
@EnableWebMvcSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private String googleClientSecret;
@Autowired
private CustomUserService customUserService;
/*
* (non-Javadoc)
*
* @see org.springframework.security.config.annotation.web.configuration.
* WebSecurityConfigurerAdapter
* #configure(org.springframework.security.config
* .annotation.web.builders.HttpSecurity)
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic().disable()
.requiresChannel().anyRequest().requiresSecure();
// @formatter:on
super.configure(http);
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
// @formatter:off
auth
.eraseCredentials(true)
.userDetailsService(customUserService);
// @formatter:on
super.configure(auth);
}
}
请注意,我已使用以下方式明确禁用了HTTP基本身份验证:-
Notice that I have explicitly disabled HTTP Basic authentication using:-
.httpBasic().disable()
访问安全的URL时,我仍然收到HTTP Authenticaton提示框.为什么?
I am still getting HTTP Authenticaton prompt box while accessing a secured url. Why?
请帮助我解决此问题. 我只想呈现捆绑的默认登录表单.
Please help me fix this. I just want to render the default login form that comes bundled.
Spring Boot Starter版本:1.1.5 春季安全版本:3.2.5
Spring Boot Starter Version : 1.1.5 Spring Security Version : 3.2.5
谢谢
首先,调用super.configure(http);将覆盖您之前的整个配置.
First of all, calling super.configure(http); will override whole your configuration you have before that.
尝试以下方法:
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic().disable();