我正在使用Spring Boot实现摘要式身份验证。
问题:当我访问安全的URL时,它向我显示默认对话框,要求用户名和密码,但是即使在填写正确的凭据后也无法登录。
这是SecurityConfig类。
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.addFilter(digestAuthFilter())
.exceptionHandling()
.authenticationEntryPoint(digestEntryPoint())
.and()
.formLogin()
.defaultSuccessUrl("/secure")
.permitAll()
;
}
@Bean
DigestAuthenticationFilter digestAuthFilter() throws Exception {
DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
digestAuthenticationFilter.setUserDetailsService(userDetailsServiceBean());
digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
digestAuthenticationFilter.setPasswordAlreadyEncoded(true);
return digestAuthenticationFilter;
}
@Bean
DigestAuthenticationEntryPoint digestEntryPoint() {
DigestAuthenticationEntryPoint bauth = new DigestAuthenticationEntryPoint();
bauth.setRealmName("Digest Realm");
bauth.setKey("MySecureKey");
return bauth;
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() {
InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
inMemoryUserDetailsManager.createUser(User.withUsername("user").password("{noop}user").authorities("USER").build());
return inMemoryUserDetailsManager;
}
}
这是用于映射的rest控制器的类。
@RequestMapping(value = "/")
public class TestController {
@RequestMapping(value = "/secure")
public String secure() {
return "You are authorize to access this page. This is secure page. ";
}
@RequestMapping(value = {"/home", "/"})
public String home() {
return "This is public page. No need of authentication";
}
}
我希望它通过提供正确的凭据来提供访问权限,并重定向到安全的“ /安全” URL。