英文:
Spring security login is still coming even after I used permit all
问题
我对Spring Security非常陌生。我正在构建一个具有登录注销功能的项目。我按照教程中的说明进行了配置,但仍然不允许在未登录的情况下直接访问。
大多数我使用的方法都被标记为过时或即将移除。
如果有人能指导我,我将不胜感激。
我还注意到它没有生成默认的用户名和密码供登录使用。
英文:
I am very new to spring security. I am building a project which has login logout feature. I did the configuration as told in the tutorials but is still not allowing to access directly without login.
And most of the methods which i use says that it is marked for
deprecated or marked for removal.
I will be grateful if anyone can guide me
I also noticed that it is not generating the default username and password for login
package com.example.covidsurvey.config;import org.apache.catalina.security.SecurityConfig;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.authentication.dao.DaoAuthenticationProvider;import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.http.SessionCreationPolicy;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.web.SecurityFilterChain;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;@Configuration@EnableWebSecuritypublic class MyConfig {@Beanpublic UserDetailsService getUserDetailServices() {return new UserDetailServiceImpl();}@Beanpublic BCryptPasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}@Beanpublic DaoAuthenticationProvider authenticationProvider() {DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();daoAuthenticationProvider.setUserDetailsService(this.getUserDetailServices());daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());return daoAuthenticationProvider;}@Beanpublic AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {return authenticationConfiguration.getAuthenticationManager();}@Beanpublic SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {httpSecurity.csrf().disable().authorizeHttpRequests().requestMatchers("/admin/**").permitAll().and().authorizeHttpRequests().requestMatchers("/user/**").permitAll().anyRequest().authenticated().and().formLogin();return httpSecurity.build();}}
答案1
得分: 0
我不确定您要访问的URL是什么,但我相信.authenticated()正在导致Spring想要对您进行身份验证。
我建议查看此回答,他们很好地解释了如何启用/禁用特定端点的安全性。
希望这有所帮助。
英文:
im not sure what url you want to hit but i believe .authenticated() is causing spring to want to authenticate you
i would say to check out this response, they do a good job explaining how to enable/disable security for specific endpoints
hope this helps
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论