Spring Security登录仍然出现,即使我已经使用了permit all。

huangapple go评论89阅读模式
英文:

Spring security login is still coming even after I used permit all

问题

我对Spring Security非常陌生。我正在构建一个具有登录注销功能的项目。我按照教程中的说明进行了配置,但仍然不允许在未登录的情况下直接访问。

大多数我使用的方法都被标记为过时或即将移除。

如果有人能指导我,我将不胜感激。

我还注意到它没有生成默认的用户名和密码供登录使用。

英文:

I am very new to spring security. I am building a project which has login logout feature. I did the configuration as told in the tutorials but is still not allowing to access directly without login.
And most of the methods which i use says that it is marked for
deprecated or marked for removal.
I will be grateful if anyone can guide me

I also noticed that it is not generating the default username and password for login

package com.example.covidsurvey.config;

import org.apache.catalina.security.SecurityConfig;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class MyConfig {
    @Bean
    public UserDetailsService getUserDetailServices() {
        return new UserDetailServiceImpl();
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setUserDetailsService(this.getUserDetailServices());
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
        return daoAuthenticationProvider;
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable()
                .authorizeHttpRequests()
                .requestMatchers("/admin/**").permitAll()
                .and()
                .authorizeHttpRequests().requestMatchers("/user/**").permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin();


        return httpSecurity.build();

    }


}


答案1

得分: 0

我不确定您要访问的URL是什么,但我相信.authenticated()正在导致Spring想要对您进行身份验证。

我建议查看此回答,他们很好地解释了如何启用/禁用特定端点的安全性。

希望这有所帮助。

英文:

im not sure what url you want to hit but i believe .authenticated() is causing spring to want to authenticate you

i would say to check out this response, they do a good job explaining how to enable/disable security for specific endpoints

hope this helps

huangapple
  • 本文由 发表于 2023年6月16日 11:27:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/76486788.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定