**已关闭。**此问题需要调试详细信息。它目前不接受答案。
**想要改进此问题?**更新问题,使其位于堆栈溢出主题上。
三天前关门。
改进这个问题
我有一个奇怪的问题:
这是我的安全配置(请注意,url的模式 /auth/*
允许在无需身份验证的情况下访问):
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public final String [] ENDPOINTSPERMIT = { "/auth/*" };
@Bean
@Override
protected AuthenticationManager authenticationManager () throws Exception {
return super.authenticationManager() ;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.cors()
.and()
.csrf().disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers(ENDPOINTSPERMIT).permitAll() // those are perimtted without authentication
.anyRequest().authenticated() // all the other must be authenticated before
.and()
.httpBasic();
}
这是与之相关的控制器 /auth
:
@RestController
@RequestMapping(value = "/auth", produces = "application/json" , method = { RequestMethod.GET, RequestMethod.POST,
RequestMethod.PUT , RequestMethod.DELETE })
public class AuthentificationController {
@Autowired
private TokenUtil tokenUtil;
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private AuthenticationManager auth;
@PostMapping(value = "/signin")
@ResponseStatus(HttpStatus.OK)
public JwtResponse signIn(@RequestBody SignInRequest signInRequest) {
final Authentication authentication = auth.authenticate(
new UsernamePasswordAuthenticationToken(signInRequest.getUsername(), signInRequest.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
UserDetails userDetails = userDetailsService.loadUserByUsername(signInRequest.getUsername());
String token = tokenUtil.generateToken(userDetails);
JwtResponse response = new JwtResponse(token);
return response;
}
但在测试方法时 signIn
使用 Postman ,它总是返回未经授权的401。
日志:
2021-07-22 23:25:04.125 DEBUG 95688 --- [nio-9090-exec-2] org.hibernate.SQL : select account0_.id as id1_0_, account0_.actual_montant as actual_m2_0_, account0_.master as master3_0_, account0_.password as password4_0_, account0_.username as username5_0_ from account account0_ where account0_.username=?
2021-07-22 23:25:04.128 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicBinder : binding parameter [1] as [VARCHAR] - [mghozzi]
2021-07-22 23:25:04.146 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor : extracted value ([id1_0_] : [BIGINT]) - [1]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor : extracted value ([actual_m2_0_] : [INTEGER]) - [1041]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor : extracted value ([master3_0_] : [VARCHAR]) - [null]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor : extracted value ([password4_0_] : [VARCHAR]) - [$2a$10$DcFDoSda8svLvT0ssno0vuYUGWlxaFOmqnQgnjZxXrbdtbFXI8P06]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor : extracted value ([username5_0_] : [VARCHAR]) - [mghozzi]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor : extracted value ([username5_0_] : [VARCHAR]) - [mghozzi]
暂无答案!
目前还没有任何答案,快来回答吧!