使用HTTP标头的Spring Security
我正在尝试为Spring Boot应用程序添加安全性。我当前的应用程序是使用REST控制器,每次我得到 GET 或 POST 请求时我都会读取HTTP标头来检索用户和密码,以便根据我存储了所有用户的属性文件验证它们。我想将此更改为使用Spring Security,这是我到目前为止所做的:
I am trying to add security to my Spring Boot application. My current application is using REST controllers and every time I get a GET or POST request I read the HTTP header to retrieve the user and password in order to validate them against the properties file I have all my users stored. I want to change this to using Spring Security and this is what I got so far:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/index.html").permitAll()
.antMatchers("/swagger-ui.html").hasRole("ADMIN")
.anyRequest().authenticated();
}
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("admin").password("password").roles("ADMIN").build());
}
}
如何判断配置方法是从标题而不是登录表单中检索用户凭证?
How can I tell the configure method that the user credentials are to be retrieved from the header and not a login form?
在内存中,身份验证可以满足您的需求
In memory authentication would serve your purpose
@Configuration
@EnableWebMvc
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user1").password("password1").roles("USER")
.and()
.withUser("user2").password("password2").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated();
http.httpBasic();
}
}