Here is the configuration snippet:
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Bean
    @Override
    protected UserDetailsService userDetailsService() {
        return super.userDetailsService();
    }

    @Autowired
    private UserDetailsService userDetailsService;

    @Bean
    AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(new BCryptPasswordEncoder());
        return provider;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/register", "/registration")
            .permitAll()
            .antMatchers("/home")
            .hasAuthority("USER")
            .antMatchers("/admin")
            .hasAuthority("ADMIN")
            .anyRequest()
            .authenticated()
            .and()
            .httpBasic();
    }
}
Here is another related class, named CustomUserDetails:
@Component
public class CustomUserDetails implements UserDetails {

    private User user;

    public CustomUserDetails(User user) {
        super();
        this.user = user;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.singleton(new SimpleGrantedAuthority("USER"));
        //return Collections.emptyList();
    }

    @Override
    public String getPassword() {
        return user.getPassword();
    }

    @Override
    public String getUsername() {
        return user.getEmail();
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
The @Service:
@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        User user = userRepository.findByEmail(email);
        if (user == null) {
            throw new UsernameNotFoundException("User Not Found");
        }
        return new CustomUserDetails(user);
    }
}
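The URL /home must be accessible only to USERS, but when I send a GET request to it, it is accessible without any authorization, or even authentication. I think I am overlooking something, please help.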
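
An added example, not part of the original post: a regression test that pins down the access rules declared in `configure(HttpSecurity)`, so the first test fails for as long as `/home` answers anonymous requests. It assumes a Spring Boot project with JUnit 5 and `spring-security-test` on the test classpath and a controller that returns 200 for `/home`; the class name `HomeAccessRulesTest` is hypothetical.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Assumption: this test lives in the same application as the posted
// WebSecurityConfiguration, so @SpringBootTest loads the full context,
// including the security filter chain if the configuration is picked up.
@SpringBootTest
@AutoConfigureMockMvc
class HomeAccessRulesTest {

    @Autowired
    private MockMvc mockMvc;

    // No credentials: with httpBasic() the expected answer is 401.
    // A 200 here reproduces the behaviour reported in the question.
    @Test
    void anonymousGetHomeIsRejected() throws Exception {
        mockMvc.perform(get("/home"))
               .andExpect(status().isUnauthorized());
    }

    // An authenticated principal holding the "USER" authority may read /home.
    // Assumption: a handler for /home exists and returns 200.
    @Test
    @WithMockUser(authorities = "USER")
    void userAuthorityMayGetHome() throws Exception {
        mockMvc.perform(get("/home"))
               .andExpect(status().isOk());
    }

    // The same principal lacks "ADMIN", so /admin must answer 403.
    // The security filter decides this before any controller is reached.
    @Test
    @WithMockUser(authorities = "USER")
    void userAuthorityIsForbiddenOnAdmin() throws Exception {
        mockMvc.perform(get("/admin"))
               .andExpect(status().isForbidden());
    }
}
```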