英文:
Spring security login is still coming even after I used permit all
问题
我对Spring Security非常陌生。我正在构建一个具有登录注销功能的项目。我按照教程中的说明进行了配置,但仍然不允许在未登录的情况下直接访问。
大多数我使用的方法都被标记为过时或即将移除。
如果有人能指导我,我将不胜感激。
我还注意到它没有生成默认的用户名和密码供登录使用。
英文:
I am very new to spring security. I am building a project which has login logout feature. I did the configuration as told in the tutorials but is still not allowing to access directly without login.
And most of the methods which i use says that it is marked for
deprecated or marked for removal.
I will be grateful if anyone can guide me
I also noticed that it is not generating the default username and password for login
package com.example.covidsurvey.config;
import org.apache.catalina.security.SecurityConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
public class MyConfig {
@Bean
public UserDetailsService getUserDetailServices() {
return new UserDetailServiceImpl();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(this.getUserDetailServices());
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable()
.authorizeHttpRequests()
.requestMatchers("/admin/**").permitAll()
.and()
.authorizeHttpRequests().requestMatchers("/user/**").permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin();
return httpSecurity.build();
}
}
答案1
得分: 0
我不确定您要访问的URL是什么,但我相信.authenticated()正在导致Spring想要对您进行身份验证。
我建议查看此回答,他们很好地解释了如何启用/禁用特定端点的安全性。
希望这有所帮助。
英文:
im not sure what url you want to hit but i believe .authenticated() is causing spring to want to authenticate you
i would say to check out this response, they do a good job explaining how to enable/disable security for specific endpoints
hope this helps
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论