为什么我不能禁用 spring boot 自动生成的密码和用户?
我正在启动一个新的 spring boot 项目,希望在 Spring Security 中禁用自动配置的用户,我尝试了很多配置但都没有用,我不知道我缺少什么?!!!
如您所见,我正在使用spring boot 2.1.5和web flux、security、mongo、actuator
为了禁用自动用户配置,我尝试实现自己的UserDetailService安全性,如下所示
@Configuration
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
private UserDetailsService userDetailsService;
private PasswordEncoder passwordEncoder;
public SecurityConfigurer(EsportUserDetailService userDetailsService, PasswordEncoder passwordEncoder) {
this.userDetailsService = userDetailsService;
this.passwordEncoder = passwordEncoder;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll()
.and()
.authorizeRequests().anyRequest().authenticated();
}
}
@SpringBootApplication(exclude = SecurityAutoConfiguration.class)
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
public class EsportUserDetailService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Optional<User> userFindByUsername = userRepository.findByUsername(username);
User user = new User();
if (userFindByUsername.isPresent()) user = userFindByUsername.get();
return new EsportPrincipal(user);
}
}
@Configuration
public class BeansConfig{
@Bean
public PasswordEncoder getPasswordEncoding(){
return new BCryptPasswordEncoder();
}
@Bean
public EsportUserDetailService getEsportUsersDetailSericeImplementation(){
return new EsportUserDetailService();
}
}
尚方宝剑之说1回答
-
陪伴而非守候
由于您使用的是 WebFlux 而不是 Spring MVC,因此您必须使用WebFlux Security。要禁用 SpringBoot 配置的默认用户和密码,您必须改为实现ReactiveUserDetailsService。
随时随地看视频慕课网APP
相关分类
Java