我想将一个简单的配置添加到现有的Spring REST api项目中,以便WebSecurityConfigurerAdapter对其进行测试。但是当spring启动时,它不会加载配置。也许我需要将其添加到应用程序上下文中,但是我不知道该怎么做。
如果我curl localhost:8080/总是得到未经授权的响应,那么我认为这不是加载配置,为什么呢?或者,我应该如何加载它?在我在github上看到的所有不同项目中,他们从不做任何特殊的事情来加载它!可能是因为其首先加载了嵌入的servlet?
curl localhost:8080/
这是简单的Web安全配置:
@SuppressWarnings("SpringJavaAutowiringInspection") @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Autowired public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception { authenticationManagerBuilder .userDetailsService(this.userDetailsService) .passwordEncoder(passwordEncoder()); } @Bean public PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity // we don't need CSRF because our token is invulnerable .csrf().disable() // don't create session .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() .authorizeRequests() //.antMatchers(HttpMethod.OPTIONS, "/**").permitAll() // allow anonymous resource requests .antMatchers( HttpMethod.GET, "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/**" ).permitAll() .antMatchers("/auth/**").permitAll() .anyRequest().authenticated(); // disable page caching httpSecurity.headers().cacheControl(); } }
这是我的申请
@Configuration @EnableConfigurationProperties @ComponentScan(basePackageClasses = SimpleCORSFilter.class) @EnableAutoConfiguration org.springframework.boot.actuate.autoconfigure.ManagementSecurityAutoConfiguration.class}) @EntityScan(basePackages = "com.thing.model") @RestController public class Application { @Bean public FilterRegistrationBean filterRegistrationBean() { FilterRegistrationBean registrationBean = new FilterRegistrationBean(); CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter(); registrationBean.setFilter(characterEncodingFilter); characterEncodingFilter.setEncoding("UTF-8"); characterEncodingFilter.setForceEncoding(true); registrationBean.setOrder(Integer.MIN_VALUE); registrationBean.addUrlPatterns("/*"); return registrationBean; } public static void main(String[] args) { SpringApplication application = new SpringApplication(Application.class); SpringApplication.run(Application.class, args); } @RequestMapping("/") public String home() { return "Hello World"; }
pom.xml依赖项
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-jpa</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-tomcat</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-actuator</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.geotools</groupId> <artifactId>gt-referencing</artifactId> <version>8.2</version> <type>jar</type> </dependency> <dependency> <groupId>org.jsoup</groupId> <artifactId>jsoup</artifactId> <version>1.7.2</version> <type>jar</type> </dependency> <dependency> <groupId>org.postgresql</groupId> <artifactId>postgresql</artifactId> <version>9.3-1102-jdbc41</version> </dependency> <dependency> <groupId>org.yaml</groupId> <artifactId>snakeyaml</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
我需要将WebSecurityConfig添加到应用程序上下文中,并在主类声明中添加以下行:
... @Import(WebSecurityConfig.class) public class Application { ...
我做的另一件事是将SpringBoot升级到1.4.3.RELEASE主应用程序并将其放置到根文件夹中:
1.4.3.RELEASE
<parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.4.3.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent>
该树将是例如:
└── com └── app ├── Application.java └── config └── WebSecurityConfig.java
这将自动加载所有@Configuration子文件夹。
@Configuration
