Java Spring security basic auth也为403提供了正确的密码
您好,我正在使用基于java的spring security配置进行基本身份验证,即使使用正确的密码和用户名,它也会给我403错误。配置代码如下所示。当我尝试访问我的端点时,我也会得到相同的结果,该端点已通过@Secured('USER')启用了方法级安全性 }Java Spring security basic auth也为403提供了正确的密码,java,spring,spring-mvc,spring-security,Java,Spring,Spring Mvc,Spring Security,您好,我正在使用基于java的spring security配置进行基本身份验证,即使使用正确的密码和用户名,它也会给我403错误。配置代码如下所示。当我尝试访问我的端点时,我也会得到相同的结果,该端点已通过@Secured('USER')启用了方法级安全性 } 请帮助大家 为什么要配置basic并添加DigestAuthenticationEntryPoint?文摘!=基本。这将启用两种身份验证机制。无论如何,它都可以工作。我认为我使用了错误的角色 @Configuration @Enable
请帮助大家 为什么要配置basic并添加
DigestAuthenticationEntryPoint@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/*
* (non-Javadoc)
*
* @see org.springframework.security.config.annotation.web.configuration.
* WebSecurityConfigurerAdapter
* #configure(org.springframework.security.config
* .annotation.authentication.builders.AuthenticationManagerBuilder)
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("root").password("hacked").roles("USER");
}
/*
* (non-Javadoc)
*
* @see org.springframework.security.config.annotation.web.configuration.
* WebSecurityConfigurerAdapter
* #configure(org.springframework.security.config
* .annotation.web.builders.HttpSecurity)
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().authenticationEntryPoint(digestEndPoint()).
// #session creation policy
and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).
// #Http Basic
and().httpBasic().realmName("HF Integration").
// #Add filter
and().addFilterAfter(digestAuthenticationFilter(), BasicAuthenticationFilter.class);
}
/*
* (non-Javadoc)
*
* @see org.springframework.security.config.annotation.web.configuration.
* WebSecurityConfigurerAdapter#authenticationManagerBean()
*/
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
/*
* (non-Javadoc)
*
* @see org.springframework.security.config.annotation.web.configuration.
* WebSecurityConfigurerAdapter#userDetailsServiceBean()
*/
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception {
return super.userDetailsServiceBean();
}
/**
* Digest authentication filter.
*
* @return the digest authentication filter
* @throws Exception
* the exception
*/
public DigestAuthenticationFilter digestAuthenticationFilter() throws Exception {
DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
filter.setUserDetailsService(userDetailsServiceBean());
filter.setAuthenticationEntryPoint(digestEndPoint());
return filter;
}
/**
* Digest end point.
*
* @return the digest authentication entry point
*/
public DigestAuthenticationEntryPoint digestEndPoint() {
DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint();
digestAuthenticationEntryPoint.setRealmName("HF Integration");
digestAuthenticationEntryPoint.setKey("acegi");
return digestAuthenticationEntryPoint;
}