Spring security basic auth也为403提供了正确的密码

时间:2014-06-20 07:14:17

标签: java spring spring-mvc spring-security

您好我使用基于Spring安全java的配置进行基本身份验证,即使使用正确的密码和用户名,也会给我403错误。配置代码如下所示。当我尝试访问我的端点时,我得到的是同样的使用@Secured('USER')

启用方法级安全性 
@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebMvcSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

/*
 * (non-Javadoc)
 * 
 * @see org.springframework.security.config.annotation.web.configuration.
 * WebSecurityConfigurerAdapter
 * #configure(org.springframework.security.config
 * .annotation.authentication.builders.AuthenticationManagerBuilder)
 */
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication().withUser("root").password("hacked").roles("USER");
}

/*
 * (non-Javadoc)
 * 
 * @see org.springframework.security.config.annotation.web.configuration.
 * WebSecurityConfigurerAdapter
 * #configure(org.springframework.security.config
 * .annotation.web.builders.HttpSecurity)
 */
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.exceptionHandling().authenticationEntryPoint(digestEndPoint()).
    // #session creation policy
            and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
            // #Http Basic
            and().httpBasic().realmName("HF Integration").
            // #Add filter
            and().addFilterAfter(digestAuthenticationFilter(), BasicAuthenticationFilter.class);
}

/*
 * (non-Javadoc)
 * 
 * @see org.springframework.security.config.annotation.web.configuration.
 * WebSecurityConfigurerAdapter#authenticationManagerBean()
 */
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

/*
 * (non-Javadoc)
 * 
 * @see org.springframework.security.config.annotation.web.configuration.
 * WebSecurityConfigurerAdapter#userDetailsServiceBean()
 */
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
    return super.userDetailsServiceBean();
}

/**
 * Digest authentication filter.
 *
 * @return the digest authentication filter
 * @throws Exception
 *             the exception
 */
public DigestAuthenticationFilter digestAuthenticationFilter() throws Exception {
    DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
    filter.setUserDetailsService(userDetailsServiceBean());
    filter.setAuthenticationEntryPoint(digestEndPoint());
    return filter;

}

/**
 * Digest end point.
 *
 * @return the digest authentication entry point
 */
public DigestAuthenticationEntryPoint digestEndPoint() {
    DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint();
    digestAuthenticationEntryPoint.setRealmName("HF Integration");
    digestAuthenticationEntryPoint.setKey("acegi");
    return digestAuthenticationEntryPoint;
}

}

请帮帮我们!!

0 个答案:

没有答案
相关问题
最新问题