I am trying to perform digest authentication with Spring Security, but somehow I always get a 401. Am I missing something here?
Here is the debug trace.
[INFO ] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] [/] - Initializing Spring DispatcherServlet 'dispatcherServlet'
[INFO ] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Initializing Servlet 'dispatcherServlet'
[DEBUG] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Detected StandardServletMultipartResolver
[DEBUG] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Detected AcceptHeaderLocaleResolver
[DEBUG] 2020-12-27 17:46:03.080 [http-nio-8081-exec-1] DispatcherServlet - Detected FixedThemeResolver
[DEBUG] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - Detected org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@239b98cb
[DEBUG] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - Detected org.springframework.web.servlet.support.SessionFlashMapManager@7a1371
[DEBUG] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - enableLoggingRequestDetails='false': request parameters and headers will be masked to prevent unsafe logging of potentially sensitive data
[INFO ] 2020-12-27 17:46:03.081 [http-nio-8081-exec-1] DispatcherServlet - Completed initialization in 1 ms
[DEBUG] 2020-12-27 17:46:03.090 [http-nio-8081-exec-1] FilterChainProxy - Securing GET /users/hello
[DEBUG] 2020-12-27 17:46:03.092 [http-nio-8081-exec-1] SecurityContextPersistenceFilter - Set SecurityContextHolder to empty SecurityContext
[DEBUG] 2020-12-27 17:46:03.094 [http-nio-8081-exec-1] AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous SecurityContext
[DEBUG] 2020-12-27 17:46:03.095 [http-nio-8081-exec-1] SessionManagementFilter - Request requested invalid session id 6462D0E4F78676F2FDF9C66872715D60
[DEBUG] 2020-12-27 17:46:03.097 [http-nio-8081-exec-1] FilterSecurityInterceptor - Failed to authorize filter invocation [GET /users/hello] with attributes [hasRole('ROLE_USER')]
[DEBUG] 2020-12-27 17:46:03.123 [http-nio-8081-exec-1] HttpSessionRequestCache - Saved request http://localhost:8081/users/hello to session
[DEBUG] 2020-12-27 17:46:03.124 [http-nio-8081-exec-1] DigestAuthenticationEntryPoint - WWW-Authenticate header sent to user agent: Digest realm="My App Relam", qop="auth", nonce="MTYwOTA2MjY2MzEyMzpjZTFjY2VkYWM3OGJkZmNiMTBjNDU0OGQ3NWU5YmQ0NA=="
[DEBUG] 2020-12-27 17:46:03.125 [http-nio-8081-exec-1] HttpSessionSecurityContextRepository - Did not store empty SecurityContext
[DEBUG] 2020-12-27 17:46:03.127 [http-nio-8081-exec-1] SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request
[DEBUG] 2020-12-27 17:46:03.130 [http-nio-8081-exec-1] DispatcherServlet - "ERROR" dispatch for GET "/error", parameters={}
[DEBUG] 2020-12-27 17:46:03.133 [http-nio-8081-exec-1] RequestMappingHandlerMapping - Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[DEBUG] 2020-12-27 17:46:03.133 [http-nio-8081-exec-1] OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:03.155 [http-nio-8081-exec-1] ContentNegotiatingViewResolver - Selected 'text/html' given [text/html, text/html;q=0.8]
[DEBUG] 2020-12-27 17:46:03.158 [http-nio-8081-exec-1] OpenEntityManagerInViewInterceptor - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:03.158 [http-nio-8081-exec-1] DispatcherServlet - Exiting from "ERROR" dispatch, status 401
[DEBUG] 2020-12-27 17:46:07.241 [http-nio-8081-exec-2] FilterChainProxy - Securing GET /users/hello
[DEBUG] 2020-12-27 17:46:07.241 [http-nio-8081-exec-2] SecurityContextPersistenceFilter - Set SecurityContextHolder to empty SecurityContext
[DEBUG] 2020-12-27 17:46:07.241 [http-nio-8081-exec-2] HttpSessionRequestCache - Loaded matching saved request http://localhost:8081/users/hello
[DEBUG] 2020-12-27 17:46:07.243 [http-nio-8081-exec-2] AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous SecurityContext
[DEBUG] 2020-12-27 17:46:07.243 [http-nio-8081-exec-2] FilterSecurityInterceptor - Failed to authorize filter invocation [GET /users/hello] with attributes [hasRole('ROLE_USER')]
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] HttpSessionRequestCache - Saved request http://localhost:8081/users/hello to session
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] DigestAuthenticationEntryPoint - WWW-Authenticate header sent to user agent: Digest realm="My App Relam", qop="auth", nonce="MTYwOTA2MjY2NzI0NDozM2EzNDI4ZDJhZDA5NWU3Y2ZkZTk5ZTdmMDVmOTcyNg=="
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] HttpSessionSecurityContextRepository - Did not store empty SecurityContext
[DEBUG] 2020-12-27 17:46:07.244 [http-nio-8081-exec-2] SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request
[DEBUG] 2020-12-27 17:46:07.245 [http-nio-8081-exec-2] DispatcherServlet - "ERROR" dispatch for GET "/error", parameters={}
[DEBUG] 2020-12-27 17:46:07.245 [http-nio-8081-exec-2] RequestMappingHandlerMapping - Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[DEBUG] 2020-12-27 17:46:07.245 [http-nio-8081-exec-2] OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:07.246 [http-nio-8081-exec-2] ContentNegotiatingViewResolver - Selected 'text/html' given [text/html, text/html;q=0.8]
[DEBUG] 2020-12-27 17:46:07.247 [http-nio-8081-exec-2] OpenEntityManagerInViewInterceptor - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:07.247 [http-nio-8081-exec-2] DispatcherServlet - Exiting from "ERROR" dispatch, status 401
[DEBUG] 2020-12-27 17:46:58.955 [http-nio-8081-exec-4] FilterChainProxy - Securing GET /users/hello
[DEBUG] 2020-12-27 17:46:58.955 [http-nio-8081-exec-4] SecurityContextPersistenceFilter - Set SecurityContextHolder to empty SecurityContext
[DEBUG] 2020-12-27 17:46:58.956 [http-nio-8081-exec-4] HttpSessionRequestCache - Loaded matching saved request http://localhost:8081/users/hello
[DEBUG] 2020-12-27 17:46:58.956 [http-nio-8081-exec-4] AnonymousAuthenticationFilter - Set SecurityContextHolder to anonymous SecurityContext
[DEBUG] 2020-12-27 17:46:58.956 [http-nio-8081-exec-4] FilterSecurityInterceptor - Failed to authorize filter invocation [GET /users/hello] with attributes [hasRole('ROLE_USER')]
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] HttpSessionRequestCache - Saved request http://localhost:8081/users/hello to session
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] DigestAuthenticationEntryPoint - WWW-Authenticate header sent to user agent: Digest realm="My App Relam", qop="auth", nonce="MTYwOTA2MjcxODk1Nzo4OTQxYzc5MGJjOGNlZTNmZTU4NDcxZWZhOTcyYTRiZg=="
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] HttpSessionSecurityContextRepository - Did not store empty SecurityContext
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] SecurityContextPersistenceFilter - Cleared SecurityContextHolder to complete request
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] DispatcherServlet - "ERROR" dispatch for GET "/error", parameters={}
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] RequestMappingHandlerMapping - Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#errorHtml(HttpServletRequest, HttpServletResponse)
[DEBUG] 2020-12-27 17:46:58.957 [http-nio-8081-exec-4] OpenEntityManagerInViewInterceptor - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:58.959 [http-nio-8081-exec-4] ContentNegotiatingViewResolver - Selected 'text/html' given [text/html, text/html;q=0.8]
[DEBUG] 2020-12-27 17:46:58.959 [http-nio-8081-exec-4] OpenEntityManagerInViewInterceptor - Closing JPA EntityManager in OpenEntityManagerInViewInterceptor
[DEBUG] 2020-12-27 17:46:58.959 [http-nio-8081-exec-4] DispatcherServlet - Exiting from "ERROR" dispatch, status 401
Here is my WebSecurityConfiguration class.
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    DigestAuthenticationFilter digestAuthenticationFilter() {
        DigestAuthenticationFilter result = new DigestAuthenticationFilter();
        result.setUserDetailsService(userDetailsService);
        result.setAuthenticationEntryPoint(entryPoint());
        return result;
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // The builder will ensure the passwords are encoded before saving in memory
        User.UserBuilder users = User.withDefaultPasswordEncoder();
        UserDetails user = users
                .username("user")
                .password("password")
                .roles("USER")
                .build();
        UserDetails admin = users
                .username("admin")
                .password("password")
                .roles("USER", "ADMIN")
                .build();
        return new InMemoryUserDetailsManager(user, admin);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().antMatcher("/users/**")
                .exceptionHandling(e -> e.authenticationEntryPoint(entryPoint()))
                .authorizeRequests()
                .antMatchers("/users/**").hasRole("USER");
    }

    DigestAuthenticationEntryPoint entryPoint() {
        DigestAuthenticationEntryPoint result = new DigestAuthenticationEntryPoint();
        result.setRealmName("My App Relam");
        result.setKey("3028472b-da34-4501-bfd8-a355c42bdf92");
        return result;
    }
}
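
Added example, not part of the original post: the configuration above builds a `DigestAuthenticationFilter` but never adds it to the `HttpSecurity` chain (the trace shows no digest filter activity), and `withDefaultPasswordEncoder()` stores a bcrypt hash, from which the filter cannot derive the MD5 digest. The sketch below registers the filter and stores the HA1 value instead; the class name `DigestSecurityConfiguration` and the helper `ha1` are hypothetical, and the realm, key, users and Spring Security 5 API style are taken from the post.

```java
import java.nio.charset.StandardCharsets;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.DigestAuthenticationFilter;
import org.springframework.util.DigestUtils;

@Configuration
public class DigestSecurityConfiguration extends WebSecurityConfigurerAdapter { // hypothetical name
    private static final String REALM = "My App Relam"; // realm string exactly as in the post

    // Hypothetical helper: HA1 = MD5(username:realm:password), the only stored form
    // other than plaintext from which the digest filter can check a response.
    private static String ha1(String user, String password) {
        return DigestUtils.md5DigestAsHex(
                (user + ":" + REALM + ":" + password).getBytes(StandardCharsets.UTF_8));
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // Computed at startup for illustration; a real store would hold precomputed HA1 values.
        return new InMemoryUserDetailsManager(
                User.withUsername("user").password(ha1("user", "password")).roles("USER").build(),
                User.withUsername("admin").password(ha1("admin", "password")).roles("USER", "ADMIN").build());
    }

    private DigestAuthenticationEntryPoint entryPoint() {
        DigestAuthenticationEntryPoint result = new DigestAuthenticationEntryPoint();
        result.setRealmName(REALM);
        result.setKey("3028472b-da34-4501-bfd8-a355c42bdf92"); // nonce signing key from the post
        return result;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        DigestAuthenticationEntryPoint entryPoint = entryPoint(); // one instance for filter and challenge
        DigestAuthenticationFilter digest = new DigestAuthenticationFilter();
        digest.setUserDetailsService(userDetailsService());
        digest.setAuthenticationEntryPoint(entryPoint);
        digest.setPasswordAlreadyEncoded(true); // stored passwords are HA1, not plaintext
        http.csrf().disable().antMatcher("/users/**")
                .addFilter(digest) // without this the Authorization: Digest header is never read
                .exceptionHandling(e -> e.authenticationEntryPoint(entryPoint))
                .authorizeRequests().antMatchers("/users/**").hasRole("USER");
    }
}
```

Because HA1 depends on the realm, changing the realm string invalidates every stored value.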