如何使用javaconfig(無XML)完全配置Spring 4.0和Spring Security(3.2.0)以進行摘要式身份驗證?我正在使用下面的配置類,但是所有請求都被HTTP 401拒絕,「Nonce應該已經產生了兩個令牌,但是(...消息只是停在那裏)」。Spring Security Digest Auth使用JavaConfig示例
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigurationDigest extends WebSecurityConfigurerAdapter
{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests().antMatchers("/**").authenticated().and().addFilter(digestAuthenticationFilter(digestEntryPoint()));
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception
{
return super.userDetailsServiceBean();
}
public DigestAuthenticationFilter digestAuthenticationFilter(DigestAuthenticationEntryPoint digestAuthenticationEntryPoint) throws Exception
{
DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
digestAuthenticationFilter.setUserDetailsService(userDetailsServiceBean());
return digestAuthenticationFilter;
}
@Bean
public DigestAuthenticationEntryPoint digestEntryPoint()
{
DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint();
digestAuthenticationEntryPoint.setKey("mykey");
digestAuthenticationEntryPoint.setRealmName("myrealm");
return digestAuthenticationEntryPoint;
}
}
我試圖通過包括頭在客戶端授權:
授權:文摘名= 「用戶」,境界= 「MYREALM」,隨機數= 「」,URI =「/服務?param = 98「,response =」fcd46faf42a583499d4e7f0371171ef2「,opaque =」「
我能夠訪問預期的服務,如果我將此類恢復到基於HttpBasic的配置。問題與我的配置或與我的要求?大部分上面的代碼都是從另一篇文章中借用的,但是在這種情況下,我無法得到正確的結果。所有這些都在Spring Boot 0.5.0M7中運行。
謝謝。