堆栈内存溢出
  繁体   English   中英

Spring Boot 安全性 - Postman 提供 401 Unauthorized

[英]Spring Boot Security - Postman gives 401 Unauthorized

 原文  2019-02-19 04:29:59       java/ spring/ spring-boot/ spring-security/ postman

问题描述

我正在 Spring Boot 中开发 rest API。 我能够进行 CRUD 操作并且邮递员给出正确的响应,但是当我添加 Spring Security 用户名和密码时,邮递员给出 401 Unauthorized。

我提供了一个 spring boot 安全用户名和密码,如下所示。

application.proptries

spring.jpa.hibernate.ddl-auto=update
spring.datasource.platform=mysql
spring.datasource.url=jdbc:mysql://localhost:3306/pal?createDatabaseIfNotExist=true
spring.datasource.username=root
spring.datasource.password=
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5Dialect
spring.security.user.name=root
spring.security.user.password=root

我已经使用用户名作为 root 和密码作为 root 完成了基本身份验证。 预览请求提供标题更新成功消息:

在此处输入图片说明

编辑我已经删除了邮递员中的 cookie 但仍然面临同样的问题

SecurityConfing.java
My Security Configuration are as below. 
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@Order(1000)
public class SecurityConfig extends WebSecurityConfigurerAdapter{


    public void configureGlobal(AuthenticationManagerBuilder authenticationMgr) throws Exception {

        authenticationMgr.jdbcAuthentication().dataSource(dataSource())
          .usersByUsernameQuery(
           "select email,password from user where email=? and statusenable=true")
          .authoritiesByUsernameQuery(
           "select email,role from user where email=? and statusenable=true");

        System.out.println(authenticationMgr.jdbcAuthentication().dataSource(dataSource())
          .usersByUsernameQuery(
           "select email,password from user where email=? and statusenable=true")
          .authoritiesByUsernameQuery(
           "select email,role from user where email=? and statusenable=true"));
    }

    @Bean(name = "dataSource")
     public DriverManagerDataSource dataSource() {
         DriverManagerDataSource driverManagerDataSource = new DriverManagerDataSource();
         driverManagerDataSource.setDriverClassName("com.mysql.cj.jdbc.Driver");
         driverManagerDataSource.setUrl("jdbc:mysql://localhost:3306/pal");
         driverManagerDataSource.setUsername("root");
         driverManagerDataSource.setPassword("");
         return driverManagerDataSource;
     }

    @Override
     protected void configure(HttpSecurity http) throws Exception {
    http
    .csrf().disable()
    .authorizeRequests().antMatchers("/login").permitAll()
    .anyRequest().authenticated()
    .and()
    .formLogin().loginPage("/login").permitAll()
    .and()
    .authorizeRequests().antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN","ROLE_USER").anyRequest().permitAll()
    .and()
    .authorizeRequests().antMatchers("/user/**").hasAnyRole("ROLE_USER").anyRequest().permitAll();

}

2 个解决方案

解决方案1
 10 已采纳  2019-02-19 07:41:57

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
       http.csrf().disable().authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers(HttpMethod.POST,"/newuser").permitAll()
        .antMatchers(HttpMethod.POST, "/login").permitAll()
        .antMatchers(HttpMethod.POST,"/newuser/*").permitAll()
        .antMatchers(HttpMethod.GET,"/master/*").permitAll()
         .antMatchers(HttpMethod.GET,"/exploreCourse").permitAll()
        .anyRequest().authenticated()
    }
}

您需要配置 Spring Security,默认情况下所有路由都受到授权保护。

请在此链接中查看 JWT 令牌实现。

解决方案2
 0  2021-01-14 10:21:52

如果 spring boot 需要授权,在根配置类下面注释。

@EnableAuthorizationServer
( and other required annotations)
public class Application{
....
....
}

还需要添加以下依赖项

<dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
        </dependency>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Postman 给出 401 Unauthorized - “spring boot security” Spring 引导 401 未授权 Postman 错误 401 在 spring 启动/spring 安全中未经授权 在 Spring Boot JPA 中使用 spring 安全 BCrypt 时出现 401 未授权 Spring Boot Security 不会抛出 401 Unauthorized Exception 但 404 Not Found Spring Security - 401 未经授权的访问 Spring 安全中的 401 未经授权的错误 401 未授权 spring 开机测试 Java Spring Boot - 未经授权,邮递员 如何使用 Spring Boot 和 Postman 将 Excel 文件上传到 MySQL 数据库? - 状态:401 未经授权
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM