我正在尝试使用spring-boot和spring security做一个例子.我的想法是创建一个Web应用程序并提供API,我希望两者都有安全性; 所以我需要创建一个多http网络安全配置,但它不起作用.
我按照这个链接http://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#multiple-httpsecurity但没有成功.而且,我收到了这个错误
创建名为"webSecurityConfiguration"的bean时出错:注入自动连接的依赖项失败; 嵌套异常是java.lang.IllegalStateException:无法将org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer应用于已构建的对象
我正在使用的配置如下:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@EnableGlobalAuthentication
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfiguration {
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("12345").roles("USER").and()
.withUser("admin").password("12345").roles("USER", "ADMIN");
}
@Configuration
@Order(1)
public static class ApiConfigurationAdapter extends
WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.authorizeRequests()
.anyRequest().hasRole("ADMIN")
.and()
.httpBasic();
}
}
@Configuration
@Order(2)
public static class WebConfigurationAdapter extends
WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
.antMatchers("/resources/**");
}
@Override …