Spring Security 配置

// 需要继承 WebSecurityConfigurerAdapter
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter

用户名密码

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("root").password(new BCryptPasswordEncoder().encode(passwd)).roles("USER").
                and().withUser(username).password(new BCryptPasswordEncoder().encode(passwd)).roles("USER", "ADMIN");
    }

或者在application.yml中配置：

spring:
  security:
    user:
      name: admin
      password: jxch

Session 无状态

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().and().authorizeRequests().anyRequest().fullyAuthenticated();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

跨域

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    	// 关闭
        http.csrf().disable();
    }

忽略

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("abc.html", "dce.html");
    }