我有一个spring项目,它向其他人公开了一些api,但他们需要进行身份验证才能使用该服务。
@Configuration
@EnableWebSecurity
public class SecConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("admin")
.roles("USER");
}
}
当我使用此弹簧配置时,我可以使用下面的客户端项目验证和使用该服务
public void getRestValue() {
final String url = "http://localhost:8080/template/getData";
final String username = "admin@admin.com";
final String password = "admin";
// Populate the HTTP Basic Authentitcation header with the username and
// password
RestTemplate restTemplate = new RestTemplate();
String plainCreds = username + ":" + password;
byte[] plainCredsBytes = plainCreds.getBytes();
byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
String base64Creds = new String(base64CredsBytes);
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization", "Basic " + base64Creds);
HttpEntity<String> request = new HttpEntity<String>(headers);
ResponseEntity<String> response = restTemplate.exchange(url,
HttpMethod.GET, request, String.class);
System.out.println(response);
String account = response.getBody();
System.out.println(account);
}
但是当我使用以下配置使用我的userservice从DB获取值时,我将获取登录页面作为响应
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AppUserDetailsService appUserDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(appUserDetailsService);
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/setup/*")
.permitAll().antMatchers("/login").permitAll()
.antMatchers("/logout").permitAll().anyRequest()
.authenticated().and().formLogin().loginPage("/login")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password").failureUrl("/login")
.defaultSuccessUrl("/").permitAll().and().logout()
.logoutUrl("/j_spring_security_logout")
.logoutSuccessUrl("/login").deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
}
}
请告诉我哪里出错了
答案 0 :(得分:0)
您的客户端使用HTTP基本身份验证,但您的服务器仅配置为表单身份验证。尝试在.httpBasic()
方法中添加configure(HttpSecurity http)
。