I'm using Spring Boot Security to implement basic authentication. My code is below. My role-based authorization is being bypassed and basic authentication isn't working: without credentials my service returns a response and no error is thrown, and when I pass wrong credentials no error is thrown either. How do I fix this? Can someone advise?
package com.agcs.cids.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Authentication : User --> Roles
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user1").password("Secret1").roles("USER");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/id").hasAuthority("USER");
    }
}

My controller class has several endpoints:
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.bson.Document;
import org.bson.json.JsonMode;
import org.bson.json.JsonWriterSettings;
import org.bson.types.ObjectId;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.mongodb.core.MongoOperations;
import org.springframework.data.mongodb.core.query.Criteria;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.http.MediaType;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.mongodb.client.FindIterable;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;

@RestController
@RequestMapping(value = "/claims", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public class Controller {

    private static final Logger LOG = LoggerFactory.getLogger(Controller.class);

    // Collaborators and settings the original snippet used without declaring them;
    // the property names are assumed. Claims is the poster's own document class (not shown).
    @Autowired
    private MongoOperations mongoOps;
    @Autowired
    private MongoClient mongoClient;
    @Value("${claims.mongo.database}")
    private String database;
    @Value("${claims.mongo.collection}")
    private String collection;

    /**
     * @param policyIdentifier policy id to filter on (request parameter "id"); all claims if empty
     * @return the matching claims
     */
    @RequestMapping(value = "/search", method = RequestMethod.GET)
    public Object getClaimsBySearchCriteria(@RequestParam(value = "id") String policyIdentifier)
            throws ParseException, JsonProcessingException, javax.xml.bind.ValidationException {
        Query query = new Query();
        // int queryLimit = 1000;
        if (policyIdentifier != null && !policyIdentifier.isEmpty())
            query.addCriteria(Criteria.where("Common.PolicyId").is(policyIdentifier));
        List<Claims> claims = mongoOps.find(query, Claims.class);
        LOG.info("Claims returned: " + claims.toString());
        return claims;
    }

    @RequestMapping(value = "/", method = RequestMethod.GET)
    public void getClaimsService() {
        LOG.info("Claims service is available");
    }

    // Served at /claims/id/ because of the class-level /claims prefix.
    @RequestMapping(value = "/id/", method = RequestMethod.GET)
    public String getClaims(@RequestParam(value = "userId") String userId,
            @RequestParam(value = "id") String id) throws JsonProcessingException {
        MongoDatabase database = this.mongoClient.getDatabase(this.database);
        MongoCollection<Document> collection = database.getCollection(this.collection);
        Document query = new Document("_id", new ObjectId(id)); // IllegalArgumentException on a malformed id
        FindIterable<Document> documentCursor = collection.find(query);
        // Allocated once, outside the loop, so a later iteration cannot discard an earlier match.
        List<Document> claimsUpdatedList = new ArrayList<>();
        for (Document doc : documentCursor) {
            if (null != doc.get("Common")) {
                Document common = (Document) doc.get("Common");
                if (null != common.get("EffectiveDate")) {
                    Date date = (Date) common.get("EffectiveDate");
                    common.put("EffectiveDate", convertDate(date));
                }
                if (null != common.get("ExpirationDate")) {
                    Date date = (Date) common.get("ExpirationDate");
                    common.put("ExpirationDate", convertDate(date));
                }
                doc.put("Common", common);
                claimsUpdatedList.add(doc);
            }
        }
        JsonWriterSettings writerSettings = JsonWriterSettings.builder().outputMode(JsonMode.SHELL).indent(true).build();
        return claimsUpdatedList.isEmpty() ? null : claimsUpdatedList.get(0).toJson(writerSettings);
    }

    // Not shown in the original post; assumed to render the date as an ISO-8601 instant.
    private static String convertDate(Date date) {
        return date.toInstant().toString();
    }
}

Posted on 2020-06-26 03:41:58
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // {noop} selects the no-op encoder of the default DelegatingPasswordEncoder
        auth.inMemoryAuthentication().withUser("user1").password("{noop}Secret1").roles("USER");
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/claims/id/").hasRole("USER") // roles("USER") is stored as ROLE_USER
            .and()
            .httpBasic();                               // enables the Basic authentication filter
    }
}

The path for basic authentication is /claims/id/ (USER), not /id. roles() stores the role with the ROLE_ prefix as the authority name, not the bare name, so the check has to be hasRole() rather than hasAuthority(). And basic authentication is only switched on by adding httpBasic() (see 10.10.2. Basic Authentication in the reference documentation).
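The configuration below is an added example, not code from the question or from either answer. It pulls the answer's three fixes together (the /claims prefix, hasRole() instead of hasAuthority(), httpBasic()) and adds what a reviewer would ask for next: a real password encoder instead of {noop}, a stateless session policy, and a default-deny anyRequest().authenticated() rule. The class name HardenedSecurityConfig, the BCrypt-encoded demo credential and the stateless policy are assumptions, not anything the original post specifies.

```java
package com.agcs.cids.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Added example (not from the question or the answers): the answer's fixes plus the
 * hardening a basic-auth REST API normally needs. The class name, the encoded demo
 * credential and the stateless session policy are assumptions.
 */
@Configuration
public class HardenedSecurityConfig extends WebSecurityConfigurerAdapter {

    // Delegating encoder: stored values carry an {id} prefix ({bcrypt}, {noop}, ...). A stored
    // value with no prefix, such as the question's password("Secret1"), fails at login with
    // "There is no PasswordEncoder mapped for the id "null"" once authentication actually runs.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        PasswordEncoder encoder = passwordEncoder();
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("user1")
            .password(encoder.encode("Secret1"))   // demo credential (assumed); stored as {bcrypt}...
            .roles("USER");                        // persisted as the authority ROLE_USER
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Credentials travel on every request and no session is created, so there is no
            // session cookie for CSRF to protect; disabling CSRF is safe only under that policy.
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                // The controller is mapped under /claims, so a matcher on "/id" matched nothing.
                .antMatchers("/claims/").permitAll()
                // hasRole("USER") compares against ROLE_USER; hasAuthority("USER") never would.
                // "/claims/id/**" also covers /claims/id without the slash and any sub-path.
                .antMatchers("/claims/id/**").hasRole("USER")
                // Default-deny: a URL matched by no rule above is otherwise not secured at all,
                // so endpoints like /claims/search are protected the day they are added.
                .anyRequest().authenticated()
            .and()
            // Installs BasicAuthenticationFilter. Without it the Authorization header is never
            // read, which is exactly the "no credentials, still a 200" symptom in the question.
            .httpBasic();
    }

    /** Runs without a Spring context: shows the authority string that roles("USER") produces. */
    public static void main(String[] args) {
        UserDetails u = User.withUsername("user1").password("unused").roles("USER").build();
        for (GrantedAuthority a : u.getAuthorities()) {
            System.out.println(a.getAuthority());
        }
    }
}
```

With the application running locally, `curl -i 'http://localhost:8080/claims/id/?userId=u1&id=<objectid>'` should now return 401 with a `WWW-Authenticate: Basic` challenge, the same with `-u user1:wrong`, and 200 with `-u user1:Secret1`. Two caveats: `{noop}` in the first answer is fine for a demo but keeps the secret in the clear, which the encoder above avoids; and when the protected URLs are Spring MVC handlers, `mvcMatchers` is the safer choice over `antMatchers`, because it applies the same matching rules (including trailing-slash and suffix handling) as the handler mapping itself.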
Posted on 2020-06-25 20:03:04

You're almost there.
Use .antMatchers("/id/**").hasRole("USER"); instead of .antMatchers("/id").hasAuthority("USER");
Posted on 2020-06-25 20:33:49

Try this:

    http.csrf().disable().authorizeRequests()
        .antMatchers("/id/**").hasAnyRole("USER").and()
        .authorizeRequests().antMatchers("/").permitAll();

Source: https://stackoverflow.com/questions/62574231