【发布时间】:2015-10-19 17:06:36
【问题描述】:
我正在尝试为应用程序配置带有 Spring 安全性的 Spring Boot。
但是,inMemoryAuthentication() 似乎无法正常工作,并且对于每个用户,我都有以下错误:
INFO 6964 --- [nio-8080-exec-6] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Fri Oct 16 19:09:41 IST 2015, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
以下是使用的文件配置:
SecurityConfig.java:
@Configuration
@EnableWebMvcSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure( WebSecurity web ) throws Exception
{
//
web
.ignoring()
.antMatchers( "/WEB-INF/jsp/**" );
}
@Autowired
public void configureGlobal( AuthenticationManagerBuilder auth ) throws Exception
{
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests().antMatchers("/homepage**").hasRole("USER")
.antMatchers("/index**").permitAll()
.antMatchers("/login**").permitAll()
.and()
.formLogin()
.loginPage( "/login" )
.loginProcessingUrl( "/login" )
.defaultSuccessUrl( "/index" );
http.csrf().disable();
}
即使应用程序使用给定的“用户”和“密码”也无法登录;
Spring boot version: 1.2.6
Editor: STS
参考调试日志,inMemoryAuthencated 用户显示为匿名用户:
org.springframework.security.authentication.AnonymousAuthenticationToken@90576bf4: **Principal: anonymousUser**; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@21a2c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB03A4C352FC0164A5A3F751E52A5421; **Granted Authorities: ROLE_ANONYMOUS**
有什么见解吗?
【问题讨论】:
-
您的配置显示
homepage是一个登录页面,但用户需要具有USER角色才能访问它? -
@jny,我已编辑,我认为这不是问题的原因
标签: java spring spring-security spring-boot