1
我正在嘗試使用Spring Security Annotations來實現HTTP基本身份驗證。在Spring Security中實現基本身份驗證後總是收到401錯誤
我有一個REST端點,定義如下:
@RequestMapping("/foo/")
我希望人們只有在管理員角色的訪問/富/端點。
接下來,我配置Spring安全,如下圖所示:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static String REALM="MY_TEST_REALM";
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("bill").password("abc123").roles("ADMIN");
auth.inMemoryAuthentication().withUser("tom").password("abc123").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//http.csrf().disable()
http
.authorizeRequests()
.antMatchers("/foo/").hasRole("ADMIN")
.and().httpBasic().realmName(REALM).authenticationEntryPoint(getBasicAuthEntryPoint())
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);//We don't need sessions to be created.
}
@Bean
public CustomBasicAuthenticationEntryPoint getBasicAuthEntryPoint(){
return new CustomBasicAuthenticationEntryPoint();
}
/* To allow Pre-flight [OPTIONS] request from browser */
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
}
}
所以,我只想與密碼ABC123賬單的用戶名,以便能夠調用REST端點。
接下來,我定義應返回
public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
@Override
public void commence(final HttpServletRequest request,
final HttpServletResponse response,
final AuthenticationException authException) throws IOException, ServletException {
//Authentication failed, send error response.
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.addHeader("WWW-Authenticate", "Basic realm=" + getRealmName() + "");
PrintWriter writer = response.getWriter();
writer.println("HTTP Status 401 : " + authException.getMessage());
}
@Override
public void afterPropertiesSet() throws Exception {
setRealmName("MY_TEST_REALM");
super.afterPropertiesSet();
}
}
我試圖測試與郵差的錯誤,我使用基本身份驗證使用正確的憑據,但我總是得到401錯誤。我錯過了任何一步嗎?
註解。我的問題是,我在哪裏(哪個Java類)放置@Import({SecurityConfiguration.class})註釋?它是CustomBasicAuthenticationEntryPoint.java或SecurityConfiguration.java還是Application.java? – Sai
好的。我嘗試以下沒有任何成功 @Configuration @Import({} SecurityConfiguration.class) 公共類的AppConfig { } – Sai
感謝您的幫助。你是對的。我在Application.java中添加了以下行,它現在可用:ApplicationContext context = new AnnotationConfigApplicationContext( \t \t \t \t \t AppConfig.class); – Sai