这是我的代码,为了避免 WebSecurityConfigurerAdapter,我使用了 SecuirtyFilterChain 和 UserDetailsService。 现在我收到了 User.Builder() 无法定义的错误 “方法 builder() 未定义用户类型”。我检查了很多 YouTube 视频,甚至下载了 Lombok,但没有一个有用。
package com.configuration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import com.model.User;
@Configuration
public class SecurityConfig {
@SuppressWarnings({ "deprecation", "removal" })
@Bean
public SecurityFilterChain configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.requestMatchers(HttpMethod.GET).permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public UserDetailsService users() {
UserDetails user = User.builder()
.username("user")
.password("pass")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}
我无法扩展 WebSecurityConfigurerAdapter,所以在这种情况下,我开始使用 SecuirtyFilterChain 和 UserDetailsService,因为它是在 Spring Boot 网站上宣布的,这可能是一个很好的替代方案,但无论我尝试什么,它仍然会出错。
在您的
.httpBasic()
中添加下一个参数,如下所示.httpBasic(Customizer.withDefaults())
SecurityFilterChain 看起来就是这样,没什么难的:
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf(AbstractHttpConfigurer::disable);
http
.cors(AbstractHttpConfigurer::disable);
http.authorizeHttpRequests(request -> {
request.requestMatchers(HttpMethod.GET).permitAll();
request.anyRequest().authenticated();
});
http.httpBasic(Customizer.withDefaults());
return http.build();
}
你也应该看看这里迁移