Java 正在尝试在postman中验证用户-获取一个;403禁止;
因此,我正在学习一本书中的教程,关于如何通过SpringSecurity实现用户身份验证。这很基本,但有些东西不起作用。它与我同事的代码相同,但我的代码工作起来并不奇怪。我将非常感谢在这件事上的每一个帮助。我正在使用Kotlin 因此,我的后端有两个类: AuthorizationServerConfig.kt:Java 正在尝试在postman中验证用户-获取一个;403禁止;,java,spring,spring-boot,kotlin,spring-security,Java,Spring,Spring Boot,Kotlin,Spring Security,因此,我正在学习一本书中的教程,关于如何通过SpringSecurity实现用户身份验证。这很基本,但有些东西不起作用。它与我同事的代码相同,但我的代码工作起来并不奇怪。我将非常感谢在这件事上的每一个帮助。我正在使用Kotlin 因此,我的后端有两个类: AuthorizationServerConfig.kt: @Configuration @EnableAuthorizationServer class AuthorizationServerConfig(private val userDe
@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig(private val userDetailService: UserDetailsService, private val
authenticationManager: AuthenticationManager): AuthorizationServerConfigurerAdapter() {
@Throws(Exception::class)
override fun configure(clients: ClientDetailsServiceConfigurer){
clients
.inMemory()
.withClient("mycompany")
.secret("thisissecret")
.authorities("USER","ADMIN")
.scopes("all")
.authorizedGrantTypes("password","client_credentials")
}
@Throws(Exception::class)
override fun configure(endpoints: AuthorizationServerEndpointsConfigurer?) {
super.configure(endpoints)
endpoints?.authenticationManager(authenticationManager)
?.userDetailsService(userDetailService)
}
}
@Configuration
@EnableWebSecurity(debug = true)
class SecurityConfig(): WebSecurityConfigurerAdapter(){
@Throws(Exception::class)
override fun configure(auth: AuthenticationManagerBuilder){
auth.inMemoryAuthentication()
.withUser("user").password("123456").roles("USER")
.and()
.withUser("admin").password("123456").roles("USER", "ADMIN")
}
@Throws(Exception::class)
override fun configure(http: HttpSecurity){
http.authorizeRequests()
.anyRequest()
.authenticated()
}
@Bean
@Throws(Exception::class)
override fun userDetailsServiceBean(): UserDetailsService {
return super.userDetailsServiceBean()
}
@Bean
@Throws(Exception::class)
override fun authenticationManagerBean(): AuthenticationManager {
return super.authenticationManagerBean()
}
@Suppress("DEPRECATION")
@Bean
open fun passwordEncoder(): NoOpPasswordEncoder {
return NoOpPasswordEncoder.getInstance() as NoOpPasswordEncoder
}
}
第二类,SecurityConfig.kt:
@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig(private val userDetailService: UserDetailsService, private val
authenticationManager: AuthenticationManager): AuthorizationServerConfigurerAdapter() {
@Throws(Exception::class)
override fun configure(clients: ClientDetailsServiceConfigurer){
clients
.inMemory()
.withClient("mycompany")
.secret("thisissecret")
.authorities("USER","ADMIN")
.scopes("all")
.authorizedGrantTypes("password","client_credentials")
}
@Throws(Exception::class)
override fun configure(endpoints: AuthorizationServerEndpointsConfigurer?) {
super.configure(endpoints)
endpoints?.authenticationManager(authenticationManager)
?.userDetailsService(userDetailService)
}
}
@Configuration
@EnableWebSecurity(debug = true)
class SecurityConfig(): WebSecurityConfigurerAdapter(){
@Throws(Exception::class)
override fun configure(auth: AuthenticationManagerBuilder){
auth.inMemoryAuthentication()
.withUser("user").password("123456").roles("USER")
.and()
.withUser("admin").password("123456").roles("USER", "ADMIN")
}
@Throws(Exception::class)
override fun configure(http: HttpSecurity){
http.authorizeRequests()
.anyRequest()
.authenticated()
}
@Bean
@Throws(Exception::class)
override fun userDetailsServiceBean(): UserDetailsService {
return super.userDetailsServiceBean()
}
@Bean
@Throws(Exception::class)
override fun authenticationManagerBean(): AuthenticationManager {
return super.authenticationManagerBean()
}
@Suppress("DEPRECATION")
@Bean
open fun passwordEncoder(): NoOpPasswordEncoder {
return NoOpPasswordEncoder.getInstance() as NoOpPasswordEncoder
}
}
依赖关系都已实现
注意:代码在我同事的电脑上运行。我只是在使用他的代码
我在这里干什么
我想通过邮递员认证。这就是我正在尝试的:
我的身体里也有这个:
但是,点击“发送”,我得到了一个
403禁止
。我不知道我做错了什么。有人能给我指出正确的方向并解释我做错了什么吗?多谢各位 您能否尝试只传递一种授权类型,即密码。您可以克隆这个git repo,t拥有与您尝试的几乎相同的代码,它可以工作。也不确定,为什么要在端口后附加v1,是api根上下文吗?谢谢,但不再需要了。问题是你刚才提到的v1。当我从路径中删除v1
和auth
时,它成功了。很高兴它起到了作用。@Mahesh_Loya你介意看我最近的帖子吗?当然可以。请查看各自的帖子。