摘要身份验证始终返回 401

Question

我正在尝试使用 Spring Security 执行摘要式身份验证，但不知何故我总是得到 401。我在这里遗漏了什么吗？

这是调试跟踪。

[INFO ] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] [/] - Initializing Spring DispatcherServlet 'dispatcherServlet'
[INFO ] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Initializing Servlet 'dispatcherServlet'
[DEBUG] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Detected StandardServletMultipartResolver
[DEBUG] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Detected AcceptHeaderLocaleResolver
[DEBUG] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Detected FixedThemeResolver
[DEBUG] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@239b98cb
[DEBUG] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - Detected org.springframework.web.servlet.support.SessionFlashMapManager@7a1371
[DEBUG] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
[INFO ] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - Completed initialization in 1 ms
[DEBUG] 2020-12-27 17:46:03.090 [http-nio-8081-exec-1] FilterChainProxy - Securing GET /users/hello
[DEBUG] 2020-12-27 17:46:03.092 [http-nio-8081-exec-1] SecurityContextPersistenceFilter - Set SecurityContextHolder to empty SecurityContext
[DEBUG] 2020-12-27 17:46:03.094 [http-nio-8081-exec-1] AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous SecurityContext
[DEBUG] 2020-12-27 17:46:03.095 [http-nio-8081-exec-1] SessionManagementFilter - Request requested invalid session id 6462D0E4F78676F2FDF9C66872715D60
[DEBUG] 2020-12-27 17:46:03.097 [http-nio-8081-exec-1] FilterSecurityInterceptor - Failed to authorize filter invocation [GET /users/hello] with attributes [hasRole('ROLE_USER')]
[DEBUG] 2020-12-27 17:46:03.123 [http-nio-8081-exec-1] HttpSessionRequestCache - Saved request http://localhost:8081/users/hello to session
[DEBUG] 2020-12-27 17:46:03.124 [http-nio-8081-exec-1] DigestAuthenticationEntryPoint - WWW-Authenticate header sent to user agent: Digest realm="My App Relam", qop="auth", nonce="MTYwOTA2MjY2MzEyMzpjZTFjY2VkYWM3OGJkZmNiMTBjNDU0OGQ3NWU5YmQ0NA=="
[DEBUG] 2020-12-27 17:46:03.125 [http-nio-8081-exec-1] HttpSessionSecurityContextRepository - Did not store empty SecurityContext
[DEBUG] 2020-12-27 17:46:03.127 [http-nio-8081-exec-1] SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request
[DEBUG] 2020-12-27 17:46:03.130 [http-nio-8081-exec-1] DispatcherServlet - "ERROR" dispatch for GET "/error", parameters={}
[DEBUG] 2020-12-27 17:46:03.133 [http-nio-8081-exec-1] RequestMappingHandlerMapping - Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[DEBUG] 2020-12-27 17:46:03.133 [http-nio-8081-exec-1] OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:03.155 [http-nio-8081-exec-1] ContentNegotiatingViewResolver - Selected 'text/html' given [text/html, text/html;q=0.8]
[DEBUG] 2020-12-27 17:46:03.158 [http-nio-8081-exec-1] OpenEntityManagerInViewInterceptor - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:03.158 [http-nio-8081-exec-1] DispatcherServlet - Exiting from "ERROR" dispatch, status 401
[DEBUG] 2020-12-27 17:46:07.241 [http-nio-8081-exec-2] FilterChainProxy - Securing GET /users/hello
[DEBUG] 2020-12-27 17:46:07.241 [http-nio-8081-exec-2] SecurityContextPersistenceFilter - Set SecurityContextHolder to empty SecurityContext
[DEBUG] 2020-12-27 17:46:07.241 [http-nio-8081-exec-2] HttpSessionRequestCache - Loaded matching saved request http://localhost:8081/users/hello
[DEBUG] 2020-12-27 17:46:07.243 [http-nio-8081-exec-2] AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous SecurityContext
[DEBUG] 2020-12-27 17:46:07.243 [http-nio-8081-exec-2] FilterSecurityInterceptor - Failed to authorize filter invocation [GET /users/hello] with attributes [hasRole('ROLE_USER')]
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] HttpSessionRequestCache - Saved request http://localhost:8081/users/hello to session
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] DigestAuthenticationEntryPoint - WWW-Authenticate header sent to user agent: Digest realm="My App Relam", qop="auth", nonce="MTYwOTA2MjY2NzI0NDozM2EzNDI4ZDJhZDA5NWU3Y2ZkZTk5ZTdmMDVmOTcyNg=="
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] HttpSessionSecurityContextRepository - Did not store empty SecurityContext
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request
[DEBUG] 2020-12-27 17:46:07.245 [http-nio-8081-exec-2] DispatcherServlet - "ERROR" dispatch for GET "/error", parameters={}
[DEBUG] 2020-12-27 17:46:07.245 [http-nio-8081-exec-2] RequestMappingHandlerMapping - Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[DEBUG] 2020-12-27 17:46:07.245 [http-nio-8081-exec-2] OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:07.246 [http-nio-8081-exec-2] ContentNegotiatingViewResolver - Selected 'text/html' given [text/html, text/html;q=0.8]
[DEBUG] 2020-12-27 17:46:07.247 [http-nio-8081-exec-2] OpenEntityManagerInViewInterceptor - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:07.247 [http-nio-8081-exec-2] DispatcherServlet - Exiting from "ERROR" dispatch, status 401
[DEBUG] 2020-12-27 17:46:58.955 [http-nio-8081-exec-4] FilterChainProxy - Securing GET /users/hello
[DEBUG] 2020-12-27 17:46:58.955 [http-nio-8081-exec-4] SecurityContextPersistenceFilter - Set SecurityContextHolder to empty SecurityContext
[DEBUG] 2020-12-27 17:46:58.956 [http-nio-8081-exec-4] HttpSessionRequestCache - Loaded matching saved request http://localhost:8081/users/hello
[DEBUG] 2020-12-27 17:46:58.956 [http-nio-8081-exec-4] AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous SecurityContext
[DEBUG] 2020-12-27 17:46:58.956 [http-nio-8081-exec-4] FilterSecurityInterceptor - Failed to authorize filter invocation [GET /users/hello] with attributes [hasRole('ROLE_USER')]
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] HttpSessionRequestCache - Saved request http://localhost:8081/users/hello to session
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] DigestAuthenticationEntryPoint - WWW-Authenticate header sent to user agent: Digest realm="My App Relam", qop="auth", nonce="MTYwOTA2MjcxODk1Nzo4OTQxYzc5MGJjOGNlZTNmZTU4NDcxZWZhOTcyYTRiZg=="
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] HttpSessionSecurityContextRepository - Did not store empty SecurityContext
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] DispatcherServlet - "ERROR" dispatch for GET "/error", parameters={}
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] RequestMappingHandlerMapping - Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:58.959 [http-nio-8081-exec-4] ContentNegotiatingViewResolver - Selected 'text/html' given [text/html, text/html;q=0.8]
[DEBUG] 2020-12-27 17:46:58.959 [http-nio-8081-exec-4] OpenEntityManagerInViewInterceptor - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:58.959 [http-nio-8081-exec-4] DispatcherServlet - Exiting from "ERROR" dispatch, status 401

这是我的 WebSecurityConfiguration 类。

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    DigestAuthenticationFilter digestAuthenticationFilter() {
        DigestAuthenticationFilter result = new DigestAuthenticationFilter();
        result.setUserDetailsService(userDetailsService);
        result.setAuthenticationEntryPoint(entryPoint());
        return result;
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // The builder will ensure the passwords are encoded before saving in memory
        User.UserBuilder users = User.withDefaultPasswordEncoder();
        UserDetails user = users
                .username("user")
                .password("password")
                .roles("USER")
                .build();
        UserDetails admin = users
                .username("admin")
                .password("password")
                .roles("USER", "ADMIN")
                .build();
        return new InMemoryUserDetailsManager(user, admin);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().antMatcher("/users/**")
                .exceptionHandling(e -> e.authenticationEntryPoint(entryPoint()))
                .authorizeRequests()
                .antMatchers("/users/**").hasRole("USER");
    }


    DigestAuthenticationEntryPoint entryPoint() {
        DigestAuthenticationEntryPoint result = new DigestAuthenticationEntryPoint();
        result.setRealmName("My App Relam");
        result.setKey("3028472b-da34-4501-bfd8-a355c42bdf92");
        return result;
    }
}