Question

您好我在后端使用spring boot安全启动器进行Web安全配置：

@Configuration

@EnableWebSecurity 公共类WebSecurityConfig扩展了WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
       .csrf().disable()                
       //.and()
       .httpBasic()
       .and()
       .authorizeRequests()                
       .antMatchers(HttpMethod.GET, "/*").permitAll()
       .antMatchers(HttpMethod.GET, "/api/geolocation").permitAll()
       .antMatchers(HttpMethod.GET, "/GeoLocationHandler").permitAll()
       .antMatchers(HttpMethod.GET, "/api/user/{userId}").authenticated()
       .anyRequest().authenticated();                
}

}

在我的机器人中我有这个

                    URL url = new URL(MainActivity.API_URL + "/user");
                Log.i(TAG, url.toString());
                httpURLConnection = (HttpURLConnection)url.openConnection();
                httpURLConnection.setDoOutput(true);
                httpURLConnection.setRequestMethod("POST");

               httpURLConnection.setUseCaches(false);
              httpURLConnection.setRequestProperty("Authorization", "basic " 
+ Base64.encode("user:passcode".getBytes(), Base64.NO_WRAP));



                httpURLConnection.setRequestProperty("Content-Type", 
"application/json");
                httpURLConnection.connect();

但是我仍然在Android控制台日志中获得未经过的401 ...所以我不能发布到webapp ...任何建议？感谢

Answer 1

万一有人需要答案，我必须从androids方面对httpURLConnection进行autherise并且它有效。 stackoverflow上的答案很少，其中一个使用base64.encoder

Android httpURLconnection弹簧安全angularJs webapp仍未经授权

1 个答案: