当我使用邮递员向
提交获取请求时`http://localhost:8080/students/
如果我使用凭据admin1 123,则会收到401错误。
如果我使用凭据admin 123,则请求将返回用户列表。
如果我使用凭据admin 1234,则请求还会返回用户列表。
我不能正确验证密码吗?
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("admin")
.password("123")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/user/**").hasRole("ADMIN")
.and().csrf().disable().headers().frameOptions().disable();
}
}
@RestController
public class StudentResource {
@Autowired private StudentRepository studentRepository;
@GetMapping("/students")
public List<Student> retrieveAllStudents() {
return studentRepository.findAll();
}
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("admin")
.password("123")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/user/**").hasRole("ADMIN")
.and().csrf().disable().headers().frameOptions().disable();
}
}
@Repository
public interface StudentRepository extends JpaRepository<Student, Long> {
}
data.sql
insert into student
values(10001,'Ranga', 'E1234567');
insert into student
答案 0 :(得分:2)
控制器中的路径与配置中的路径不匹配。