SpringSecurity:设置配置后,hasRole不起作用?

时间:2019-05-12 15:06:04

标签: spring-boot spring-security

这是我的Java配置:

routes.MapRoute(name: "Default",
    url: "{lang}/{controller}/{action}/{id}",
    defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }

如您所见,我喜欢人妖

  • 乔恩,扮演@EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("Jon") .password("123456") .roles("USER") .and() .withUser("Bob") .password("qwer") .roles("USER", "ADMIN"); } @Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); http .authorizeRequests() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers(HttpMethod.GET,"/admin/**").access("hasRole('ADMIN')") .anyRequest().authenticated() .and() .httpBasic() ; } }
  • 鲍勃,扮演USER USER

但是,因此,乔恩(Jon)不应享有ADMIN的肉眼见识,然后我编写跟踪测试

/admin/**

我希望此测试返回未经授权的401,但实际上返回200。

出什么问题了?

SpringSecurityVersion为 ResultMatcher isUnauthorized = MockMvcResultMatchers.status() .is(401); String credential = Base64.getEncoder().encodeToString("Jon:123456".getBytes()); MockHttpServletRequestBuilder builder = MockMvcRequestBuilders.get("/admin/") .header("Authorization", "Basic " + credential); mockMvc.perform(builder) .andDo(MockMvcResultHandlers.print()) .andExpect(isUnauthorized);

0 个答案:

没有答案