Spring Security Configuration in Spring Boot

StackOverflow https://stackoverflow.com/questions/21171265

문제

I am working on converting a Spring 3 project to Spring 4 + Spring Boot. I don't know whether it is a right thing to do or not yet. I convert the Spring Security XML configuration to a Java based configuration as the following:

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/", "/home").permitAll()
            .anyRequest().authenticated();
    http.formLogin()
            .defaultSuccessUrl("/afterLogin")
            .loginPage("/profiles/lognin/form")
            .failureUrl("/accessDenied")
            .and()
            .authorizeRequests()
            .regexMatchers("....")
            .hasRole("ROLE_USER")
            .antMatchers("....")
            .hasRole("ROLE_USER")
            //....
            ;
}

@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder)
        throws Exception {
           authManagerBuilder.authenticationProvider(this.getDaoAuthenticationProvider());
}
   // ....
}

I get the Spring Security default login popup panel when I hit the home URL. It seem to me that the above configuration doesn't take effect, but the default Spring Security configuration in Spring Boot doesn't. If so, how to override the default one?

도움이 되었습니까?

해결책

I found the answer. I need to create a file called application.properties with the following line:

security.basic.enabled=false

and place this file under src/main/resource. That is it.

다른 팁

Configure your spring like that.

protected void configure(HttpSecurity http) throws Exception {

    http
                .csrf()
            .and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
                .exceptionHandling()
            .and()
                .rememberMe()
            .and()
                .formLogin()
                .loginProcessingUrl("/user")   // rest apiyi yaz.
                //.usernameParameter("username")
                //.passwordParameter("password")
                .permitAll()
            .and()
                .logout()
                //.logoutUrl("/api/logout")
                //.deleteCookies("JSESSIONID", "CSRF-TOKEN")
                .permitAll()
            .and()
                .headers()
                .frameOptions()
                .disable()
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/#/dashboard/home").permitAll()
            ;



}
라이센스 : CC-BY-SA ~와 함께 속성
제휴하지 않습니다 StackOverflow
scroll top