spring security始终返回401 Unauthorized,即使使用适当的配置

nhhxz33t  于 2021-09-29  发布在  Java
关注(0)|答案(0)|浏览(1015)

**已关闭。**此问题需要调试详细信息。它目前不接受答案。
**想要改进此问题?**更新问题,使其位于堆栈溢出主题上。

三天前关门。
改进这个问题
我有一个奇怪的问题:
这是我的安全配置(请注意,url的模式 /auth/* 允许在无需身份验证的情况下访问):

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    public final String [] ENDPOINTSPERMIT = { "/auth/*" };

    @Bean   
    @Override
    protected AuthenticationManager authenticationManager () throws Exception {
        return super.authenticationManager() ;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors()
                .and()
            .csrf().disable()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .authorizeRequests()
                .antMatchers(ENDPOINTSPERMIT).permitAll() // those are perimtted without authentication
                .anyRequest().authenticated()   // all the other must be authenticated before   
                .and()
        .httpBasic();
    }

这是与之相关的控制器 /auth :

@RestController
@RequestMapping(value = "/auth", produces = "application/json" , method = { RequestMethod.GET, RequestMethod.POST,
        RequestMethod.PUT , RequestMethod.DELETE })
public class AuthentificationController {

    @Autowired
    private TokenUtil tokenUtil;

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationManager auth;

    @PostMapping(value = "/signin")
    @ResponseStatus(HttpStatus.OK)
    public JwtResponse signIn(@RequestBody SignInRequest signInRequest) {
        final Authentication authentication = auth.authenticate(
                new UsernamePasswordAuthenticationToken(signInRequest.getUsername(), signInRequest.getPassword()));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        UserDetails userDetails = userDetailsService.loadUserByUsername(signInRequest.getUsername());
        String token = tokenUtil.generateToken(userDetails);
        JwtResponse response = new JwtResponse(token);
        return response;
    }

但在测试方法时 signIn 使用 Postman ,它总是返回未经授权的401。
日志:

2021-07-22 23:25:04.125 DEBUG 95688 --- [nio-9090-exec-2] org.hibernate.SQL                        : select account0_.id as id1_0_, account0_.actual_montant as actual_m2_0_, account0_.master as master3_0_, account0_.password as password4_0_, account0_.username as username5_0_ from account account0_ where account0_.username=?
2021-07-22 23:25:04.128 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicBinder      : binding parameter [1] as [VARCHAR] - [mghozzi]
2021-07-22 23:25:04.146 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor   : extracted value ([id1_0_] : [BIGINT]) - [1]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor   : extracted value ([actual_m2_0_] : [INTEGER]) - [1041]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor   : extracted value ([master3_0_] : [VARCHAR]) - [null]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor   : extracted value ([password4_0_] : [VARCHAR]) - [$2a$10$DcFDoSda8svLvT0ssno0vuYUGWlxaFOmqnQgnjZxXrbdtbFXI8P06]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor   : extracted value ([username5_0_] : [VARCHAR]) - [mghozzi]
2021-07-22 23:25:04.150 TRACE 95688 --- [nio-9090-exec-2] o.h.type.descriptor.sql.BasicExtractor   : extracted value ([username5_0_] : [VARCHAR]) - [mghozzi]

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题