Код: Выделить всё
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.authorizeRequests()
.and()
.exceptionHandling(e -> e
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
)
.antMatcher("/application-api/v1/**").authorizeRequests()
.antMatchers("/application-api/v1/non-protected").permitAll()
.anyRequest()
.authenticated()
.and()
.oauth2ResourceServer()
.opaqueToken();
}
@Override
protected UserDetailsService userDetailsService() {
return new ApplicationUserDetailsService();
}
}
< /code>
Независимо от того, что я пытаюсь, мое пользовательское приложение OuserDetailsService никогда не используется.
Может ли кто -нибудь увидеть, что не так с этой конфигурацией?@Service
public class ApplicationUserDetailsService implements UserDetailsService {
private static final Logger logger = LoggerFactory.getLogger(ApplicationUserDetailsService.class);
public ApplicationUserDetailsService() {
logger.debug("Creating instance of ApplicationUserDetailsService");
}
@Override
public UserDetails loadUserByUsername(String userName) {
logger.debug("Creating user details for {}", userName);
return new ApplicationUser(userName);
}
}
Код: Выделить всё
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(SecurityConfiguration.class);
@Qualifier("applicationUserDetailsService")
@Autowired
private UserDetailsService userDetailsService;
@Override
public void configure(HttpSecurity httpSecurity) throws Exception {
logger.info("Oauth2 enabled: {}", enabled);
httpSecurity.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.csrf().disable()
.exceptionHandling(e -> e
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
)
.antMatcher("/application-api/v1/**").authorizeRequests()
.antMatchers("/", "/application-api/unprotected").permitAll()
.anyRequest()
.authenticated()
.and()
.oauth2ResourceServer()
.opaqueToken();
}
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordencoder());
}
@Bean(name="passwordEncoder")
public PasswordEncoder passwordencoder(){
return new BCryptPasswordEncoder();
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
}
Подробнее здесь: https://stackoverflow.com/questions/660 ... not-called