Eu sou novo para a configuração do Spring Security utilizando Java configuração . Eu estava tentando seguir esta postagem . No entanto, quando eu executar o meu aplicativo, eu recebo um desafio Auth básico em todas as URLs, incluindo /. Entrando no quer do ID do usuário / passar combos abaixo não parecem funcionar.
Meu Controlador:
package com.xxx.web;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping(/)
/**
* Controller to handle basic root URLs
*
* @author xxx
* @version 0.1.0
*/
public class RootController {
/**
* Handles '/'
* @param model
* @return
*/
@RequestMapping
public String index(Model model) {
return index;
}
/**
* Handles '/signup'
* @param model
* @return
*/
@RequestMapping(/signup)
public String signup(Model model) {
return signup;
}
/**
* Handles '/about'
* @param model
* @return
*/
@RequestMapping(/about)
public String about(Model model) {
return about;
}
/**
* Handles '/login'
* @param model
* @return
*/
@RequestMapping(/login)
public String login(Model model) {
return login;
}
/**
* Handles '/admin'
* @param model
* @return
*/
@RequestMapping(/admin)
public String admin(Model model) {
return admin;
}
}
Não tenho certeza o que mais tentar. Apenas à procura de alguma orientação a respeito de porque isso não está funcionando.
Atualizar
Para completar, aqui é a classe config:
package com.xxx.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
/**
* Configures the security for the application
*
* @author XXX
* @version 0.1.0
*
*/
public class WebSecurityAppConfig extends WebSecurityConfigurerAdapter {
@Override
/**
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#registerAuthentication(AuthenticationManagerBuilder)
*/
protected void registerAuthentication(AuthenticationManagerBuilder auth)
throws Exception {
auth
.inMemoryAuthentication()
.withUser(user) // #1
.password(password)
.roles(USER)
.and()
.withUser(admin) // #2
.password(password)
.roles(ADMIN,USER);
}
@Override
/**
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(WebSecurity)
*/
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers(/resources/**); // #3
}
@Override
/**
* @see org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter#configure(HttpSecurity)
*/
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(/,/signup,/about).permitAll() // #4
.antMatchers(/admin/**).hasRole(ADMIN) // #6
.anyRequest().authenticated() // 7
.and()
.formLogin() // #8
.loginPage(/login) // #9
.permitAll(); // #5
}
}
E o WebApplicationInitializer:
package com.xxx.config;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
/**
*
* @author XXX
* @version 0.1.0
*/
public class SpringWebMvcInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
/**
*
*/
protected Class<?>[] getRootConfigClasses() {
return new Class[] { WebSecurityAppConfig.class };
}
@Override
/**
*
*/
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
/**
*
*/
protected String[] getServletMappings() {
return null;
}
}
Eu não incluí-las antes, porque eles são praticamente um copy-paste do blog destacamento referenciado.
