我正在使用 Spring Security 编写具有基本身份验证和授权的 Spring Boot 项目。我有一个扩展了
WebSecurityConfigurerAdapter
的配置类(我想稍后删除它,因为它已被弃用)。
所以,我的配置类如下所示:
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("spring_user")
.password("password123")
.roles("ADMIN");
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authz) -> authz.anyRequest().authenticated())
.httpBasic(Customizer.withDefaults());
return http.build();
}
@Bean
public static PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
pom.xml 文件:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.1</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.codelib</groupId>
<artifactId>basic-auth-security</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>basic-auth-security</name>
<description>basic-auth-security</description>
<properties>
<java.version>17</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.7.3</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
请注意,我有
spring-boot-starter-web
依赖性。
项目的其余部分没有什么有趣的。当我尝试运行该应用程序时,显示以下消息:
java: cannot access javax.servlet.Filter
class file for javax.servlet.Filter not found
IDEA 将我重定向到配置文件。 (但没有任何代码行带有红色下划线)
这可能是什么原因造成的?
所以,解决方案很简单。如果您要迁移到 Spring 6,您应该摆脱使用
WebSecurityConfigurerAdapter
类,并在没有它的情况下配置您的安全性。
我已经编写了一个新配置(它执行与问题中提供的配置相同的操作),现在它看起来像这样:
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
.httpBasic(Customizer.withDefaults())
.formLogin(Customizer.withDefaults());
return http.build();
}
@Bean
public UserDetailsService userDetailsService() {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
UserDetails user = User
.withUsername("spring_user")
.password(encoder.encode("password123"))
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
这是 Spring Security 6 提供基本身份验证、默认密码编码器(推荐使用)和内存用户所需的最低配置。