Spring boot Spring Security基本身份验证始终获得401
我正在学习Spring,并将Spring安全性集成到当前的API中。为了简单起见,我从basicauth开始 但是,我面临的问题是,如果我不提供凭据,我会得到标准401和JSON响应:Spring boot Spring Security基本身份验证始终获得401,spring-boot,spring-security,Spring Boot,Spring Security,我正在学习Spring,并将Spring安全性集成到当前的API中。为了简单起见,我从basicauth开始 但是,我面临的问题是,如果我不提供凭据,我会得到标准401和JSON响应: { "timestamp": "2018-07-07T18:40:00.752+0000", "status": 401, "error": "Unauthorized", "message": "Unauthorized", "path": "/courses" } 但
{
"timestamp": "2018-07-07T18:40:00.752+0000",
"status": 401,
"error": "Unauthorized",
"message": "Unauthorized",
"path": "/courses"
}
但如果我通过了正确的认证,我会得到401,但没有任何回复
这是我的网站安全配置
:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
DetailsService detailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(detailsService)
.passwordEncoder(User.encoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic()
.and()
.csrf().disable();
}
}
这是我的详细信息服务
:
@Component
public class DetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByEmail(username);
if (user == null) {
throw new UsernameNotFoundException("User with email " + username + " was not found");
}
return new org.springframework.security.core.userdetails.User(
user.getEmail(),
user.getPassword(),
AuthorityUtils.createAuthorityList(user.getRoles())
);
}
}
我应该指出,我是通过电子邮件而不是用户名查找用户
这是我的用户实体:
@Entity
@Table(name = "users")
public class User extends BaseEntity {
public static final PasswordEncoder encoder = new BCryptPasswordEncoder();
@Column(name = "first_name")
private String firstName;
@JoinColumn(name = "last_name")
private String lastName;
private String email;
@JsonIgnore
private String password;
@JsonIgnore
private String[] roles;
public User(String email, String firstName, String lastName, String password,
String[] roles) {
this.firstName = firstName;
this.lastName = lastName;
this.email = email;
setPassword(password);
this.roles = roles;
}
// getters and setters
}
首先:检查
user.getRoles()
是否未引发LazyInitializationException
第二:如果hash是在线生成的,
BCryptPasswordEncoder
如何将BasicAuth
的用户名和密码传递到后端?@rieckpil我使用的是postman,因此它允许使用BasicAuth