Java Spring Security httpBasic 404以获取正确的凭据
在我的react应用程序中,我调用spring security基本登录:Java Spring Security httpBasic 404以获取正确的凭据,java,reactjs,spring,authentication,spring-security,Java,Reactjs,Spring,Authentication,Spring Security,在我的react应用程序中,我调用spring security基本登录: e.preventDefault(); const username = states.username; const password = states.password; fetch('/api/login', { method: 'post', headers: { Au
e.preventDefault();
const username = states.username;
const password = states.password;
fetch('/api/login', {
method: 'post',
headers: {
Authorization: 'Basic ' + window.btoa(username + ':' + password),
},
}).then((resp) => {
console.log(resp);
return resp.text();
});
SecurityConfig.java:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/api/login").authenticated()
.and()
.httpBasic();
}
}
问题是,当在登录页面上输入正确的凭据(spring security的默认值:用户名“user”和生成的密码)时,我在控制台中得到的响应是:
POST https://localhost:3000/api/login 404 (Not Found)
Response {type: "basic", url: "https://localhost:3000/api/login", redirected: false, status: 404, ok: false, …}
body: (...)
bodyUsed: true
headers: Headers {}
ok: false
redirected: false
status: 404
statusText: "Not Found"
type: "basic"
url: "https://localhost:3000/api/login"
__proto__: Response
输入不正确的凭据时,将显示“基本身份验证”弹出窗口
并且没有任何凭据被视为有效–在尝试登录后,弹出窗口会不断重新出现
我遗漏了什么?我认为这是因为您正在保护登录端点,因此您创建了一个费解的循环-您必须通过身份验证才能进行身份验证 将您的
antMatchers
行更改为:
.antMatchers("/api/login").permitAll()
.and()
.formLogin()
.loginProcessingUrl("/api/login")
您是否在
https://localhost:3000/api/login
处理请求?是的,后端已配置并正在运行,而且它会收到请求显示您的控制器方法,用于/api/login
。