按照官网的教程这么写
坑一: 运行时报错 java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id “null”
解决手段,添加 PasswordEncoder
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
下面这个写法也行,但是没有谁会在内存里这么写的,都是去用户中心查询用户
坑二:编译时报错 ROLE_USER cannot start with ROLE_ (it is automatically added)
解决手段,去掉 “ROLE_” 前缀
注意:
- In-Memory Authentication: 基于内存的认证,这个没有实际意义,仅仅用于测试或者演示方便而已
如何禁用登录
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@EnableWebSecurity
@Configuration
public class SpringSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().permitAll()
.and()
.csrf().disable()
.formLogin().disable();
}
}