일반 사용자 및 관리자 기능으로 기본 스프링 보안을 사용하려고합니다. 나는 이 기사를 따르고있다 . 하지만 401 unauthorize 오류가 계속 발생하고 우편 배달부와 curl 명령으로 시도했지만 도움이되지 않았습니다.
아래는 내 봄 구성 파일입니다.
package com.ebi.uk.config;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("admin").password("{noop}password").roles("USER", "ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//HTTP Basic authentication
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/persons/all").hasRole("ADMIN")
.antMatchers(HttpMethod.POST, "/persons/create").hasRole("USER")
.antMatchers(HttpMethod.DELETE, "/persons/delete/**").hasRole("ADMIN")
.antMatchers(HttpMethod.PUT, "/persons/update/**").hasRole("ADMIN")
.and()
.csrf().disable()
.formLogin().disable();
}
}
아래는 내 pom.xml입니다.
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.4.2</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.ebi.uk</groupId>
<artifactId>ebiProjectJava</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>ebiProjectJava</name>
<description>Project for EBI UK</description>
<properties>
<java.version>1.8</java.version>
<testcontainers.version>1.15.1</testcontainers.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!-- <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency> -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- spring security test -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>junit-jupiter</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>mysql</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.testcontainers</groupId>
<artifactId>testcontainers-bom</artifactId>
<version>${testcontainers.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
아래는 우편 배달부에서 전화를 걸 때 SS입니다. 아래는 내 예외 메시지입니다. 2
021-02-13 14:53:27.308 DEBUG 17240 --- [nio-8080-exec-6] o.a.c.authenticator.AuthenticatorBase : Security checking request GET /persons/all
2021-02-13 14:53:27.308 DEBUG 17240 --- [nio-8080-exec-6] org.apache.catalina.realm.RealmBase : No applicable constraints defined
2021-02-13 14:53:27.309 DEBUG 17240 --- [nio-8080-exec-6] o.a.c.authenticator.AuthenticatorBase : Not subject to any constraint
2021-02-13 14:53:27.309 DEBUG 17240 --- [nio-8080-exec-6] o.s.security.web.FilterChainProxy : Securing GET /persons/all
2021-02-13 14:53:27.309 DEBUG 17240 --- [nio-8080-exec-6] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2021-02-13 14:53:27.678 DEBUG 17240 --- [nio-8080-exec-6] o.s.s.a.dao.DaoAuthenticationProvider : Failed to find user 'admin'
2021-02-13 14:53:27.680 DEBUG 17240 --- [nio-8080-exec-6] o.s.s.w.a.www.BasicAuthenticationFilter : Failed to process authentication request
org.springframework.security.authentication.BadCredentialsException: Bad credentials
at org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:141) ~[spring-security-core-5.4.2.jar:5.4.2]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-5.4.2.jar:5.4.2]
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:201) ~[spring-security-core-5.4.2.jar:5.4.2]
여기서 문제는 예제처럼 @Configuration 어노테이션으로 SpringSecurityConfig.java를 장식하지 않았으므로 무시된다는 것입니다. 이 경우 앱은 BASIC 인증으로 보호되지만 비밀번호가 무작위로 생성되고 콘솔의 로그에 메시지가 표시됩니다. 귀하의 경우 이미 언급했듯이 @Configuration을 클래스에 추가하십시오.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다