我正在使用Spring Boot Rest创建API,我想限制API,因此只有登录用户才能访问它。现在测试我使用postman的API,但是如何将用户详细信息传递给API?
这是我的代码:
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/", "/orders").permitAll()
.antMatchers(HttpMethod.POST, "/order/**").hasAnyRole("ADMIN")
.antMatchers(HttpMethod.DELETE, "/order/**").hasAnyRole("ADMIN")
.and()
.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
}
// create two users, admin and user
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER")
.and()
.withUser("admin").password("password").roles("ADMIN");
}
}
这是我的访问被拒绝处理程序:
@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {
private static Logger logger = LoggerFactory.getLogger(MyAccessDeniedHandler.class);
@Override
public void handle(HttpServletRequest httpServletRequest,
HttpServletResponse httpServletResponse,
AccessDeniedException e) throws IOException, ServletException {
Authentication auth
= SecurityContextHolder.getContext().getAuthentication();
if (auth != null) {
logger.info("User '" + auth.getName()
+ "' attempted to access the protected URL: "
+ httpServletRequest.getRequestURI());
}
httpServletResponse.setContentType("application/json");
ServletOutputStream outputStream = httpServletResponse.getOutputStream();
outputStream.print("Wrong user");
}
}
当我尝试使用order
访问带有DELETE
的网址的API,使用postman
访问Authorization
的方法,并使用带有Basic Auth
的{{1}}标签传递用户登录详细信息并将用户名传递为admin
,将密码传递为password
,我收到Wrong user
条消息。
如何使用postman
将用户信息详细信息传递给我的API?
答案 0 :(得分:4)
表单登录可能是默认的身份验证机制,您需要指定要使用基本身份验证。
试试这个:
@Configuration
class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AccessDeniedHandler accessDeniedHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/", "/orders").permitAll()
.antMatchers(HttpMethod.POST, "/order/**").hasAnyRole("ADMIN")
.antMatchers(HttpMethod.DELETE, "/order/**").hasAnyRole("ADMIN")
.and()
.exceptionHandling().accessDeniedHandler(accessDeniedHandler)
.and() //added
.httpBasic(); //added
}
// create two users, admin and user
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("password").roles("USER")
.and()
.withUser("admin").password("password").roles("ADMIN");
}
}
答案 1 :(得分:-1)
您需要的是以下依赖项(您可能已经拥有它):
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
您可以在application.properties文件中创建用户:
security.user.name=username
security.user.password=password
如果您使用的是Spring 2.0.0 M4或更高版本,请使用&#34; spring.security&#34;。
现在去&#34;授权&#34;使用&#34; Basic Auth&#34;并填写您在属性文件中设置的credenrtials。
希望这就是你要找的东西。祝你好运:)