Question

我正在使用Spring Boot Rest创建API，我想限制API，因此只有登录用户才能访问它。现在测试我使用postman的API，但是如何将用户详细信息传递给API？

这是我的代码：

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers(HttpMethod.GET, "/", "/orders").permitAll()
        .antMatchers(HttpMethod.POST, "/order/**").hasAnyRole("ADMIN")
        .antMatchers(HttpMethod.DELETE, "/order/**").hasAnyRole("ADMIN")
        .and()
        .exceptionHandling().accessDeniedHandler(accessDeniedHandler);

    }

    // create two users, admin and user
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth.inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("ADMIN");
    }
}

这是我的访问被拒绝处理程序：

@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {

    private static Logger logger = LoggerFactory.getLogger(MyAccessDeniedHandler.class);

    @Override
    public void handle(HttpServletRequest httpServletRequest,
                       HttpServletResponse httpServletResponse,
                       AccessDeniedException e) throws IOException, ServletException {

        Authentication auth
                = SecurityContextHolder.getContext().getAuthentication();

        if (auth != null) {
            logger.info("User '" + auth.getName()
                    + "' attempted to access the protected URL: "
                    + httpServletRequest.getRequestURI());
        }
        httpServletResponse.setContentType("application/json");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        outputStream.print("Wrong user");

    }
}

当我尝试使用order访问带有DELETE的网址的API，使用postman访问Authorization的方法，并使用带有Basic Auth的{{1}}标签传递用户登录详细信息并将用户名传递为admin，将密码传递为password，我收到Wrong user条消息。

如何使用postman将用户信息详细信息传递给我的API？

Answer 1

表单登录可能是默认的身份验证机制，您需要指定要使用基本身份验证。

试试这个：

@Configuration
class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private AccessDeniedHandler accessDeniedHandler;

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
      .antMatchers(HttpMethod.GET, "/", "/orders").permitAll()
      .antMatchers(HttpMethod.POST, "/order/**").hasAnyRole("ADMIN")
      .antMatchers(HttpMethod.DELETE, "/order/**").hasAnyRole("ADMIN")
      .and()
      .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
    .and()  //added
    .httpBasic();  //added

  }

  // create two users, admin and user
  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.inMemoryAuthentication()
      .withUser("user").password("password").roles("USER")
      .and()
      .withUser("admin").password("password").roles("ADMIN");
  }
}

Answer 2

您需要的是以下依赖项（您可能已经拥有它）：

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

您可以在application.properties文件中创建用户：

security.user.name=username
security.user.password=password

如果您使用的是Spring 2.0.0 M4或更高版本，请使用＆＃34; spring.security＆＃34;。

现在去＆＃34;授权＆＃34;使用＆＃34; Basic Auth＆＃34;并填写您在属性文件中设置的credenrtials。

希望这就是你要找的东西。祝你好运：）

如何使用邮递员将用户登录详细信息传递给Spring Boot Rest API

2 个答案: