我正在处理一个 Spring Security 项目,我正在调用一个 MySQL 数据库,在那里我检索一个用户对象。其他端点似乎工作得很好,但我在这个端点上使用 Postman 得到了 403。是的,我禁用了 csrf。这似乎适用于其他情况。
@RequestMapping(value = "/user", method = RequestMethod.GET)
public ResponseEntity<?> userData(@RequestBody String userN) throws Exception {
final UserDetails userDet = userDetailsService.loadUserByUsername(userN);
String username = userDet.getUsername();
String password = userDet.getPassword();
return ResponseEntity.ok(new AuthenticationRequest(username, password));
}
这是端点的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests().antMatchers("/authenticate", "/user", "/getter", "/getterById", "getterCred").permitAll()
.anyRequest().authenticated()
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
这是调用的 userDetailsService:
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
Optional<User> user = userRepository.findByUserName(userName);
System.out.println(user.toString());
user.orElseThrow(() -> new UsernameNotFoundException("Not found:" + userName));
return user.map(MyUserDetails::new).get();
这是用户存储库:
public interface UserRepository extends JpaRepository<User, Integer> {
Optional<User> findByUserName(String userName);
}
和 AuthenticationRequest 类(至少是构造函数):
public AuthenticationRequest(String username, String password) {
this.username = username;
this.password = password;
}