1
我正在尝试使用Spring安全性进行基本身份验证。我也想通过URL(用户名:[email protected])。授权头的设置是否正确,当我做这样一个HTTP请求,也在这里是我的SecurityConfig:“401:错误凭据”在Spring Boot中通过url进行基本身份验证
12 @Configuration
13 @EnableGlobalMethodSecurity(prePostEnabled = true)
14 @EnableWebSecurity
15 public class SecurityConfig extends WebSecurityConfigurerAdapter {
16
17 @Override
18 protected void configure(HttpSecurity http) throws Exception {
19 http.authorizeRequests()
20 .antMatchers("/login").permitAll()
21 .antMatchers("/admin/**").hasRole("ADMIN")
22 .anyRequest().authenticated();
23 http.httpBasic();
24 http.csrf().disable();
25 }
26
27 @Autowired
28 public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
29 auth.inMemoryAuthentication()
30 .withUser("user").password("pwd1").roles("USER").and()
31 .withUser("admin").password("pwd2").roles("ADMIN", "USER");
32 }
33
34 }
这里是我的AdminController:
24 @PreAuthorize("hasRole('ADMIN')")
25 @RequestMapping(value="/admin")
26 @Controller
27 public class AdminController {
154 @RequestMapping(value="/", method=RequestMethod.GET)
155 public String admin(Model model) {
156 return Constants.ADMIN_TEMPLATE;
157 }
177 }
,当我尝试做出那样的请求:
admin:[email protected]:3000/admin
我得到“401:Bad Credentials”。这是为什么发生? (我也尝试通过restclient与授权标题请求相同的结果)
谢谢。