Fatal编程技术网
  • spring-boot/
  • Spring boot Spring Security基本身份验证始终获得401

Spring boot Spring Security基本身份验证始终获得401

spring-boot spring-security

Spring boot Spring Security基本身份验证始终获得401,spring-boot,spring-security,Spring Boot,Spring Security,我正在学习Spring,并将Spring安全性集成到当前的API中。为了简单起见,我从basicauth开始 但是,我面临的问题是,如果我不提供凭据,我会得到标准401和JSON响应: { "timestamp": "2018-07-07T18:40:00.752+0000", "status": 401, "error": "Unauthorized", "message": "Unauthorized", "path": "/courses" } 但

我正在学习Spring,并将Spring安全性集成到当前的API中。为了简单起见,我从basicauth开始

但是,我面临的问题是,如果我不提供凭据,我会得到标准401和JSON响应:

{
    "timestamp": "2018-07-07T18:40:00.752+0000",
    "status": 401,
    "error": "Unauthorized",
    "message": "Unauthorized",
    "path": "/courses"
}
但如果我通过了正确的认证,我会得到401,但没有任何回复

这是我的
网站安全配置

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
  @Autowired
  DetailsService detailsService;

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(detailsService)
        .passwordEncoder(User.encoder);
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .anyRequest().authenticated()
        .and()
        .httpBasic()
        .and()
        .csrf().disable();
  }
}
这是我的
详细信息服务

@Component
public class DetailsService implements UserDetailsService {

  @Autowired
  private UserRepository userRepository;

  @Override
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    User user = userRepository.findByEmail(username);
    if (user == null) {
      throw new UsernameNotFoundException("User with email " + username + " was not found");
    }
    return new org.springframework.security.core.userdetails.User(
        user.getEmail(),
        user.getPassword(),
        AuthorityUtils.createAuthorityList(user.getRoles())
    );
  }
}
我应该指出,我是通过电子邮件而不是用户名查找用户

这是我的用户实体:

@Entity
@Table(name = "users")
public class User extends BaseEntity {
  public static final PasswordEncoder encoder = new BCryptPasswordEncoder();

  @Column(name = "first_name")
  private String firstName;
  @JoinColumn(name = "last_name")
  private String lastName;
  private String email;
  @JsonIgnore
  private String password;
  @JsonIgnore
  private String[] roles;

  public User(String email, String firstName, String lastName, String password,
      String[] roles) {
    this.firstName = firstName;
    this.lastName = lastName;
    this.email = email;
    setPassword(password);
    this.roles = roles;
  }

// getters and setters
}
首先:检查
user.getRoles()
是否未引发
LazyInitializationException

第二:如果hash是在线生成的,
BCryptPasswordEncoder

如何将
BasicAuth
的用户名和密码传递到后端?@rieckpil我使用的是postman,因此它允许使用BasicAuth