使用RestSharp对AC＃客户端进行身份验证到Spring-boot服务器中

Question

我有一个运行spring-security的基于spring-boot的服务器应用程序。

我的客户端是基于c＃的Windows桌面客户端，我正在使用RestSharp库。 如果我取消弹簧安全装置，它会像魅力一样发挥作用。 当我尝试使用Spring Security在服务器中对客户端进行身份验证时，它永远不会成功。

static void Main(string[] args)
{

    var client = new RestClient();
    Uri baseUrl = new Uri("http://localhost:8080/POC-WebApplication");
    client.BaseUrl = baseUrl;
    client.Authenticator = new HttpBasicAuthenticator("user", "password");
    var request = new RestRequest("/nuevosusuarios", Method.POST);
    request.AddParameter("json", "[{\"name\":\"uuuuu\",\"id\":11101,\"birthday\":\"12/02/2012\"},{\"name\":\"zzzzzz\",\"id\":444644,\"birthday\":\"12/02/2012\"}]");
    client.Execute(request);
}

我已经仔细检查了用户名和密码是否正确，因此到目前为止，它并不是一个错字。

读取弹簧日志：

00:46:33.293 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
00:46:33.294 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/nuevosusuarios'; against '/**/favicon.ico'
00:46:33.294 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
00:46:33.299 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3623e183, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
00:46:33.300 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[application/json, application/xml, text/json, text/x-json, text/javascript, text/xml]
00:46:33.304 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/json
00:46:33.304 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/json = true
00:46:33.305 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = false
00:46:33.310 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Did not match
00:46:33.310 [http-apr-8080-exec-15] DEBUG o.s.s.w.s.HttpSessionRequestCache - Request not saved as configured RequestMatcher did not match
00:46:33.311 [http-apr-8080-exec-15] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
00:46:33.311 [http-apr-8080-exec-15] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/POC-WebApplication/login'
00:46:33.315 [http-apr-8080-exec-15] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
00:46:33.316 [http-apr-8080-exec-15] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
00:46:33.323 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
00:46:33.324 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
00:46:33.327 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
00:46:33.327 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
00:46:33.328 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
00:46:33.332 [http-apr-8080-exec-16] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@190662e4
00:46:33.333 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
00:46:33.333 [http-apr-8080-exec-16] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/error.html'
00:46:33.338 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
00:46:33.338 [http-apr-8080-exec-16] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /login
00:46:33.344 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
00:46:33.344 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
00:46:33.349 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

我看到了一些有趣的东西：osswumAntPathRequestMatcher-请求'GET / login'与'POST / login'不匹配

可能是线索吗？

提前致谢。

Answer 1

最终我知道了失败的原因。 在spring安全选项中，没有指定httpBasic模式。