我正在使用REST“登录”功能来验证服务器。验证成功但是当我尝试使用登录功能生成的'x-auth-token'访问URL时,我获得了HTTP 401的授权。我做错了什么?
@RequestMapping(value = "login", method = GET)
public String login(@RequestParam("user") String username,
@RequestParam("password") String password,
@RequestParam("customerId") String customerId,
HttpServletRequest req) throws Exception
{
// Force session creation so it's available to Spring Security post processor filter
req.getSession(true);
// Authenticate using AuthenticationManager configured on SecurityContext
AuthenticationManager authMgr = securityConfig.authenticationManagerBean();
UsernamePasswordAuthenticationToken authReq = new UsernamePasswordAuthenticationToken(username, password);
authReq.setDetails(authenticationDetailsSource.buildDetails(req));
Authentication authResp = authMgr.authenticate(authReq);
// If successful add the authentication response to context so the post processor filter can save it to session
SecurityContextHolder.getContext().setAuthentication(authResp);
return "LOGIN OK";
}
安全配置:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Override
public void configure(WebSecurity web) throws Exception
{
web.ignoring().antMatchers("/session/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests().anyRequest().authenticated().and().requestCache().requestCache(new NullRequestCache()).and().httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(customAuthenticationProvider);
}
}