Java Spring安全配置-403禁止
我使用Spring5.0.7.RELEASE,我需要为我的spring应用程序添加基本身份验证,这是一个非常旧的应用程序。这就是为什么它使用注册配置类的旧方法。我添加了Java Spring安全配置-403禁止,java,spring,rest,spring-security,basic-authentication,Java,Spring,Rest,Spring Security,Basic Authentication,我使用Spring5.0.7.RELEASE,我需要为我的spring应用程序添加基本身份验证,这是一个非常旧的应用程序。这就是为什么它使用注册配置类的旧方法。我添加了SecurityConfig类,并将其导入SpringMvcConfig中,如下所示 @Configuration @EnableWebMvc @ComponentScan( basePackages = { "com.test" }, excludeFilters = {
SecurityConfig
类,并将其导入SpringMvcConfig
中,如下所示
@Configuration
@EnableWebMvc
@ComponentScan( basePackages = {
"com.test" },
excludeFilters = {
@ComponentScan.Filter( Configuration.class )
} )
@ImportResource("classpath:/spring-context.xml")
@EnableSwagger2
@Import({SwaggerConfig.class, SecurityConfig.class})
public class SpringMvcConfig extends WebMvcConfigurationSupport {
@Autowired private ApplicationContext applicationContext;
private static final String[] RESOURCE_BUNDLES = new String[] { "MessageResources" };
private static final String[] YAML_RESOURCE_BUNDLES = new String[] { "messages" };
/**
* Configures the Jackson object mapper
*/
@Bean( name = "objectMapper" )
public ObjectMapper getObjectMapper( JacksonService jacksonService ) {
return jacksonService.getObjectMapper();
}
/**
* Configures the ApplicationContextProvider
*/
@Bean( name = "applicationContextProvider" )
public ApplicationContextProvider getApplicationContextProvider() {
return new ApplicationContextProvider();
}
}
下面是web.xml
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.test.SpringMvcConfig</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security Configuration -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我得到一个403禁止服务器理解请求,但拒绝授权。我还补充说
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
你在你的主类中尝试过这个
@Import(value={SecurityConfig.class})
吗?我尝试过这个,发生的情况是,在启动时,类启动了,但我的身份验证仍然不起作用,这意味着我可以在不使用用户名和密码的情况下访问我的端点,因此您需要在web.xml中创建委派筛选器代理链,创建一个WebAppInitializer类,该类扩展AbstractAnnotationConfigDispatchers Servletilizer此示例将帮助您。嗯,尝试了这个方法,但目前为止运气不佳。您是否错过了springSecurityFilterChain
servlet过滤器?我在您的配置中没有看到它。
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}