我正在将Spring 3项目转换为Spring 4 + Spring Boot。我不知道这样做是否正确。我将Spring Security XML配置转换为基于 Java 的配置,如下所示:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/", "/home").permitAll()
.anyRequest().authenticated();
http.formLogin()
.defaultSuccessUrl("/afterLogin")
.loginPage("/profiles/lognin/form")
.failureUrl("/accessDenied")
.and()
.authorizeRequests()
.regexMatchers("....")
.hasRole("ROLE_USER")
.antMatchers("....")
.hasRole("ROLE_USER")
//....
;
}
@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder)
throws Exception {
authManagerBuilder.authenticationProvider(this.getDaoAuthenticationProvider());
}
// ....
}
当我点击主页 URL 时,我得到Spring Security默认登录弹出面板。在我看来,上面的配置没有生效,但是Spring Boot中默认的Spring Security配置没有。如果是这样,如何覆盖默认值?