1.从原方案继承WebSecurityConfigurerAdapter改为使用注解@EnableWebSecurity
2.过期以后原有的configure方法和AuthenticationManager也可能会出问题,建议使用新方案
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Autowired
private AuthenticationConfiguration authenticationConfiguration;
@Bean
public AuthenticationManager authenticationManager() throws Exception{
AuthenticationManager authenticationManager = authenticationConfiguration.getAuthenticationManager();
return authenticationManager;
}
@Bean
SecurityFilterChain filterChain(HttpSecurity http)throws Exception{
return http.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
//过滤接口
.antMatchers("/user/login").anonymous()
.anyRequest().authenticated()
.and()
.build();
}
/* @Bean
@Override
public AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/user/login")
.anonymous()
.anyRequest()
.authenticated();
}*/
}