我有一个基于spring-boot的服务器应用程序,运行spring-security。
我的客户端是基于c#的Windows桌面客户端,我使用的是RestSharp库。如果我删除弹簧安全,它就像一个魅力。当我尝试使用spring security在服务器中验证我的客户端时,它永远不会成功。
static void Main(string[] args)
{
var client = new RestClient();
Uri baseUrl = new Uri("http://localhost:8080/POC-WebApplication");
client.BaseUrl = baseUrl;
client.Authenticator = new HttpBasicAuthenticator("user", "password");
var request = new RestRequest("/nuevosusuarios", Method.POST);
request.AddParameter("json", "[{\"name\":\"uuuuu\",\"id\":11101,\"birthday\":\"12/02/2012\"},{\"name\":\"zzzzzz\",\"id\":444644,\"birthday\":\"12/02/2012\"}]");
client.Execute(request);
}
我已经仔细检查过用户名和密码都是正确的,所以到目前为止它不是拼写错误。
阅读春天日志:
00:46:33.293 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
00:46:33.294 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/nuevosusuarios'; against '/**/favicon.ico'
00:46:33.294 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
00:46:33.299 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3623e183, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
00:46:33.300 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[application/json, application/xml, text/json, text/x-json, text/javascript, text/xml]
00:46:33.304 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/json
00:46:33.304 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/json = true
00:46:33.305 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = false
00:46:33.310 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Did not match
00:46:33.310 [http-apr-8080-exec-15] DEBUG o.s.s.w.s.HttpSessionRequestCache - Request not saved as configured RequestMatcher did not match
00:46:33.311 [http-apr-8080-exec-15] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
00:46:33.311 [http-apr-8080-exec-15] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/POC-WebApplication/login'
00:46:33.315 [http-apr-8080-exec-15] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
00:46:33.316 [http-apr-8080-exec-15] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
00:46:33.323 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
00:46:33.324 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
00:46:33.327 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
00:46:33.327 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
00:46:33.328 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
00:46:33.332 [http-apr-8080-exec-16] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@190662e4
00:46:33.333 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
00:46:33.333 [http-apr-8080-exec-16] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/error.html'
00:46:33.338 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
00:46:33.338 [http-apr-8080-exec-16] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /login
00:46:33.344 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
00:46:33.344 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
00:46:33.349 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
我看到了一些有趣的东西:o.s.s.w.u.m.AntPathRequestMatcher - 请求'GET / login'与'POST / login
不匹配这可能是线索吗?
提前致谢。
答案 0 :(得分:0)
最后我明白了它失败的原因。在spring安全选项中,没有指定httpBasic模式。