我正在尝试使用Spring Security Java配置保护Web应用程序的安全。
这是配置的样子:
@Configuration @EnableWebMvcSecurity public class SecurityConfiguration extends WebSecurityConfigurerAdapter { private String googleClientSecret; @Autowired private CustomUserService customUserService; /* * (non-Javadoc) * * @see org.springframework.security.config.annotation.web.configuration. * WebSecurityConfigurerAdapter * #configure(org.springframework.security.config * .annotation.web.builders.HttpSecurity) */ @Override protected void configure(HttpSecurity http) throws Exception { // @formatter:off http .authorizeRequests() .antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disable() .requiresChannel().anyRequest().requiresSecure(); // @formatter:on super.configure(http); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { // @formatter:off auth .eraseCredentials(true) .userDetailsService(customUserService); // @formatter:on super.configure(auth); } }
请注意,我已使用以下命令明确禁用了HTTP基本身份验证:
.httpBasic().disable()
访问安全的URL时,我仍然收到HTTP Authenticaton提示框。为什么?
请帮我解决这个问题。我只想呈现捆绑的默认登录表单。
Spring Boot Starter版本:1.1.5 Spring安全版本:3.2.5
首先,调用super.configure(http);将覆盖你之前拥有的整个配置。
super.configure(http)
尝试以下方法:
http .authorizeRequests() .anyRequest().authenticated() .and() .formLogin() .and() .httpBasic().disable();