我一直坚持使用新的 spring security 6 为我的网关微服务保护我的 swagger 端点,我已经检查了很多解决方案但没有一个有效,我打算保护以下端点:“/webjars/swagger-ui/ "、"/swagger-ui/" 和 "/swagger-ui.html";我想在内存存储中保存用户详细信息以在春季访问这些端点,但不幸的是,它一直在我的日志中给我这个自动生成的密码供我使用,我尝试使用 @SpringBootApplication 注释的排除属性,但仍然无法正常工作,以下是我的代码,请以任何方式提供帮助,谢谢
网关 pom.xml
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-gateway</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-starter-webflux-api</artifactId>
<version>2.0.2</version>
</dependency>
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
<version>2.0.2</version>
</dependency>
我的安全配置类
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
@Bean
public SecurityWebFilterChain filterChain(ServerHttpSecurity httpSecurity) throws Exception {
return httpSecurity.csrf().disable()
.authorizeExchange()
.pathMatchers("/api/**")
.permitAll()
.and()
.authorizeExchange()
.pathMatchers("/webjars/swagger-ui/**", "/swagger-ui/**", "/swagger-ui.html")
.authenticated().and().httpBasic().and().build();
}
@Bean
public UserDetailsService users() {
UserDetails user = User.builder()
.username("user1")
.password(passwordEncoder().encode("password"))
.roles("USER")
.build();
System.out.println(user.getPassword());
return new InMemoryUserDetailsManager(user);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
我的 ApiGateway 应用类
@SpringBootApplication
public class ApiGatewayApplication {
public static void main(String[] args) {
SpringApplication.run(ApiGatewayApplication.class, args);
}
}