首页 > 编程语言> > java – Spring Security在基本身份验证后抛出403

java – Spring Security在基本身份验证后抛出403

2019-08-23 22:00:06 作者：互联网

我使用Spring Security进行基本身份验证来保护我的REST API.

以下是配置代码：

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user")
                    .password("password")
                    .roles("admin");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
            .csrf().disable()
            .authorizeRequests()
                .anyRequest().authenticated();
    }
}

我在使用正确的用户名和密码验证自己时遇到了禁止(403)错误.

请建议修改以使其正常工作.

解决方法:

您尚未启用HTTP基本身份验证,您必须使用HttpSecurity.httpBasic()

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter{


    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception{
        auth.inMemoryAuthentication().withUser("user").password("password").roles("admin");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable()
                .httpBasic()
                .authorizeRequests()
                    .anyRequest().authenticated();
    }

}

标签：java,spring,spring-security,basic-authentication
来源： https://codeday.me/bug/20190823/1701774.html