Java 正在尝试在postman中验证用户-获取一个;403禁止;
因此,我正在学习一本书中的教程,关于如何通过SpringSecurity实现用户身份验证。这很基本,但有些东西不起作用。它与我同事的代码相同,但我的代码工作起来并不奇怪。我将非常感谢在这件事上的每一个帮助。我正在使用Kotlin 因此,我的后端有两个类: AuthorizationServerConfig.kt:Java 正在尝试在postman中验证用户-获取一个;403禁止;,java,spring,spring-boot,kotlin,spring-security,Java,Spring,Spring Boot,Kotlin,Spring Security,因此,我正在学习一本书中的教程,关于如何通过SpringSecurity实现用户身份验证。这很基本,但有些东西不起作用。它与我同事的代码相同,但我的代码工作起来并不奇怪。我将非常感谢在这件事上的每一个帮助。我正在使用Kotlin 因此,我的后端有两个类: AuthorizationServerConfig.kt: @Configuration @EnableAuthorizationServer class AuthorizationServerConfig(private val userDe
@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig(private val userDetailService: UserDetailsService, private val
authenticationManager: AuthenticationManager): AuthorizationServerConfigurerAdapter() {
@Throws(Exception::class)
override fun configure(clients: ClientDetailsServiceConfigurer){
clients
.inMemory()
.withClient("mycompany")
.secret("thisissecret")
.authorities("USER","ADMIN")
.scopes("all")
.authorizedGrantTypes("password","client_credentials")
}
@Throws(Exception::class)
override fun configure(endpoints: AuthorizationServerEndpointsConfigurer?) {
super.configure(endpoints)
endpoints?.authenticationManager(authenticationManager)
?.userDetailsService(userDetailService)
}
}
@Configuration
@EnableWebSecurity(debug = true)
class SecurityConfig(): WebSecurityConfigurerAdapter(){
@Throws(Exception::class)
override fun configure(auth: AuthenticationManagerBuilder){
auth.inMemoryAuthentication()
.withUser("user").password("123456").roles("USER")
.and()
.withUser("admin").password("123456").roles("USER", "ADMIN")
}
@Throws(Exception::class)
override fun configure(http: HttpSecurity){
http.authorizeRequests()
.anyRequest()
.authenticated()
}
@Bean
@Throws(Exception::class)
override fun userDetailsServiceBean(): UserDetailsService {
return super.userDetailsServiceBean()
}
@Bean
@Throws(Exception::class)
override fun authenticationManagerBean(): AuthenticationManager {
return super.authenticationManagerBean()
}
@Suppress("DEPRECATION")
@Bean
open fun passwordEncoder(): NoOpPasswordEncoder {
return NoOpPasswordEncoder.getInstance() as NoOpPasswordEncoder
}
}
@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig(private val userDetailService: UserDetailsService, private val
authenticationManager: AuthenticationManager): AuthorizationServerConfigurerAdapter() {
@Throws(Exception::class)
override fun configure(clients: ClientDetailsServiceConfigurer){
clients
.inMemory()
.withClient("mycompany")
.secret("thisissecret")
.authorities("USER","ADMIN")
.scopes("all")
.authorizedGrantTypes("password","client_credentials")
}
@Throws(Exception::class)
override fun configure(endpoints: AuthorizationServerEndpointsConfigurer?) {
super.configure(endpoints)
endpoints?.authenticationManager(authenticationManager)
?.userDetailsService(userDetailService)
}
}
@Configuration
@EnableWebSecurity(debug = true)
class SecurityConfig(): WebSecurityConfigurerAdapter(){
@Throws(Exception::class)
override fun configure(auth: AuthenticationManagerBuilder){
auth.inMemoryAuthentication()
.withUser("user").password("123456").roles("USER")
.and()
.withUser("admin").password("123456").roles("USER", "ADMIN")
}
@Throws(Exception::class)
override fun configure(http: HttpSecurity){
http.authorizeRequests()
.anyRequest()
.authenticated()
}
@Bean
@Throws(Exception::class)
override fun userDetailsServiceBean(): UserDetailsService {
return super.userDetailsServiceBean()
}
@Bean
@Throws(Exception::class)
override fun authenticationManagerBean(): AuthenticationManager {
return super.authenticationManagerBean()
}
@Suppress("DEPRECATION")
@Bean
open fun passwordEncoder(): NoOpPasswordEncoder {
return NoOpPasswordEncoder.getInstance() as NoOpPasswordEncoder
}
}
但是,点击“发送”,我得到了一个
403禁止v1auth