猿问

为什么我不能禁用 spring boot 自动生成的密码和用户?

我正在启动一个新的 spring boot 项目,希望在 Spring Security 中禁用自动配置的用户,我尝试了很多配置但都没有用,我不知道我缺少什么?!!!

如您所见,我正在使用spring boot 2.1.5和web flux、security、mongo、actuator


为了禁用自动用户配置,我尝试实现自己的UserDetailService安全性,如下所示


@Configuration

@EnableWebSecurity

public class SecurityConfigurer extends WebSecurityConfigurerAdapter {


    private UserDetailsService userDetailsService;

    private PasswordEncoder passwordEncoder;


    public SecurityConfigurer(EsportUserDetailService userDetailsService, PasswordEncoder passwordEncoder) {

        this.userDetailsService = userDetailsService;

        this.passwordEncoder = passwordEncoder;

    }


    @Override

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);

    }


    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().antMatchers("/").permitAll()

        .and()

        .authorizeRequests().anyRequest().authenticated();

    }

}

@SpringBootApplication(exclude = SecurityAutoConfiguration.class)

public class Application {


    public static void main(String[] args) {

        SpringApplication.run(Application.class, args);

    }


}

public class EsportUserDetailService implements UserDetailsService {


    @Autowired

    private UserRepository userRepository;


    @Override

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        Optional<User> userFindByUsername = userRepository.findByUsername(username);

        User user = new User();

        if (userFindByUsername.isPresent()) user = userFindByUsername.get();

        return new EsportPrincipal(user);

    }



}

@Configuration

public class BeansConfig{



    @Bean

    public PasswordEncoder getPasswordEncoding(){

        return new BCryptPasswordEncoder();

    }


    @Bean

    public EsportUserDetailService getEsportUsersDetailSericeImplementation(){

        return new EsportUserDetailService();

    }


}


尚方宝剑之说
浏览 161回答 1
1回答

陪伴而非守候

由于您使用的是 WebFlux 而不是 Spring MVC,因此您必须使用WebFlux&nbsp;Security。要禁用 SpringBoot 配置的默认用户和密码,您必须改为实现ReactiveUserDetailsService。
随时随地看视频慕课网APP

相关分类

Java
我要回答