我在spring boot中启用了http basic auth。从Postman打电话时我看到了奇怪的结果
python3 test_whatever.py MyTest.test_something
Custome Userdetails
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private ApiUserDetailsService userDetails;
@Bean
public ShaPasswordEncoder passwordEncoder() {
return new ShaPasswordEncoder();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
ReflectionSaltSource salt = new ReflectionSaltSource();
salt.setUserPropertyToUse("username");
DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
dao.setUserDetailsService(userDetails);
dao.setPasswordEncoder(passwordEncoder());
dao.setSaltSource(salt);
auth.authenticationProvider(dao);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().csrf().disable().httpBasic();
}
我第一次执行请求时,它需要正确的凭据。输入正确的凭据后,我得到了结果。但是,当我尝试没有凭据或不同密码的相同请求时,保持用户名相同,我不会得到401错误。
只有当我输入用户名时,我才会收到401错误。
我的API需要针对每个请求进行验证。
我在这里做错了什么。
答案 0 :(得分:0)
添加无状态配置有助于解决问题。
@Override
protected void configure(HttpSecurity http) throws Exception {
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().anyRequest().authenticated().and().csrf().disable().httpBasic();
}