// 需要继承 WebSecurityConfigurerAdapter
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter
用户名密码
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("root").password(new BCryptPasswordEncoder().encode(passwd)).roles("USER").
and().withUser(username).password(new BCryptPasswordEncoder().encode(passwd)).roles("USER", "ADMIN");
}
或者在application.yml中配置:
spring:
security:
user:
name: admin
password: jxch
Session 无状态
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests().anyRequest().fullyAuthenticated();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
跨域
@Override
protected void configure(HttpSecurity http) throws Exception {
// 关闭
http.csrf().disable();
}
忽略
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("abc.html", "dce.html");
}