Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/spring-mvc/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
带有Spring安全性(5.0.7)基本身份验证的Spring MVC(5.0.8)不工作_Spring_Spring Mvc_Spring Security - Fatal编程技术网
Fatal编程技术网
  • spring/
  • 带有Spring安全性(5.0.7)基本身份验证的Spring MVC(5.0.8)不工作

带有Spring安全性(5.0.7)基本身份验证的Spring MVC(5.0.8)不工作

spring spring-mvc spring-security

带有Spring安全性(5.0.7)基本身份验证的Spring MVC(5.0.8)不工作,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我试图在我的SpringMVC应用程序中启用Spring安全性,该应用程序提供一些RESTWeb服务(Java8)。我的问题是,无论我做什么,授权根本不起作用。我可以在没有任何凭据的情况下访问我的REST端点。我使用本手册: Git repo和我的应用程序的完整代码如下: java如下所示 @EnableWebSecurity @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter {

我试图在我的SpringMVC应用程序中启用Spring安全性,该应用程序提供一些RESTWeb服务(Java8)。我的问题是,无论我做什么,授权根本不起作用。我可以在没有任何凭据的情况下访问我的REST端点。我使用本手册:

Git repo和我的应用程序的完整代码如下:

java如下所示

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()                 
            .withUser(Secret.user).password("{noop}" + Secret.password).roles("USER");       
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//         http
//           .csrf()
//               .disable()
//           .authorizeRequests().antMatchers("/**").permitAll()
//               .anyRequest().authenticated()
//           .and()
//           .httpBasic()
//               .realmName("test")
//               .authenticationEntryPoint(new CustomAuthenticationEntryPoint());
        http.authorizeRequests().anyRequest().denyAll();
    }
}
AppConfig.java

@Configuration
@Import(SecurityConfig.class)
@EnableWebMvc
@EnableSpringDataWebSupport
@EnableTransactionManagement
@EnableJpaRepositories(basePackages = {"pl.jeleniagora.mks.dao.repository"})
@ComponentScan("pl.jeleniagora.mks")
public class AppConfig{
// beans and app config
}
web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
  <display-name>MKS_JG_ONLINE</display-name>
    <context-param>
      <param-name>contextClass</param-name>
      <param-value>
         org.springframework.web.context.support.AnnotationConfigWebApplicationContext
      </param-value>
   </context-param>
   <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>pl.jeleniagora.mks.ws.config</param-value>
   </context-param>
   <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>

   <servlet>
      <servlet-name>rest</servlet-name>
      <servlet-class>
         org.springframework.web.servlet.DispatcherServlet
      </servlet-class>
      <init-param>
         <param-name>contextClass</param-name>
         <param-value>
            org.springframework.web.context.support.AnnotationConfigWebApplicationContext
         </param-value>
      </init-param>
      <init-param>
         <param-name>contextConfigLocation</param-name>
         <param-value>pl.jeleniagora.mks.ws.controllers</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
   </servlet>
   <servlet-mapping>
      <servlet-name>rest</servlet-name>
      <url-pattern>/*</url-pattern>
   </servlet-mapping>

   <welcome-file-list>
      <welcome-file />
   </welcome-file-list>

</web-app>


MKS_JG_在线
上下文类
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
上下文配置位置
pl.jeleniagora.mks.ws.config
org.springframework.web.context.ContextLoaderListener
休息
org.springframework.web.servlet.DispatcherServlet
上下文类
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
上下文配置位置
pl.jeleniagora.mks.ws.controllers
1.
休息
/*
在调试模式下启动Tomcat 8.5时,我看到SecurityConfig加载(在configure和configureGlobal中的断点处停止执行)。我做错了什么?

Spring安全性要求在安全配置旁边注册一个servlet过滤器

将以下内容添加到
web.xml
(已解释)

然后添加一个引导/配置Spring安全过滤器的过滤器

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }
现在一切都是用Java配置的,您可以不用
web.xml

您没有在
web.xml
中配置spring安全过滤器。应用安全性需要此筛选器。看见 
public class MvcWebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    public Class<?>[] getServletConfigClasses() {
      return new Class[] { WebConfig.class }; // or whatever it is called or return `null`
    }

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { AppConfig.class };
    }
}

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer { }