重点是区分自己写的配置类,所继承的有两个
WebSecurityConfigurerAdapter、ResourceServerConfigurerAdapter
先来看一下两个配置特别类似
/**
* Web安全配置类
* springSecurity安全管理框架配置类继承WebSecurityConfigurerAdapter
* @版权所有
*
*/
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AuthServiceImpl authServiceImpl;
/**
* 为特定的Http请求配置基于Web的安全约束
*/
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.authorizeRequests().anyRequest().authenticated().and().csrf().disable();
}
/**
* 配置认证信息
*/
@Override
protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder.authenticationProvider(authProvider()).userDetailsService(authServiceImpl).passwordEncoder(new BCryptPasswordEncoder());
}
/**
* 实例化AuthenticationManager对象,以处理认证请求
*/
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public MyAuthProvider authProvider(){
return new MyAuthProvider();
}
}
我在配置对某个接口无需授权就可访问的时候,就会在这个配置类中直接进行配置,但一直报错,无法访问,后来看到了另一个类,配置好之后,一切正常
/**
* @author :chaogry
* @date :Created in 2020/8/10 9:29
* @description:资源认证服务器,配置对/encrypt/publickey接口的放行
* @modified By:
* @version: $
*/
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
/**
* @description:资源认证服务器,配置对/encrypt/publickey接口的放行
* @param http
* @throws Exception
*/
@Override
public void configure(HttpSecurity http) throws Exception {
http
.headers().frameOptions().disable()
.and()
.authorizeRequests().antMatchers("/encrypt/publickey").permitAll()
.anyRequest().authenticated()
.and()
.csrf().disable();
}
}
小白一枚,没用过这种认证方式,所以记录一下