java - Spring Security 配置 - 403 禁止

问题描述

我使用 spring 5.0.7.RELEASE，我需要为我的 spring 应用程序添加基本身份验证，这是一个非常古老的应用程序。这就是为什么它使用注册配置类的旧方法。我已经添加了SecurityConfig该类并将其导入SpringMvcConfig如下所示

@Configuration
@EnableWebMvc
@ComponentScan( basePackages = {
        "com.test" },
        excludeFilters = {
                @ComponentScan.Filter( Configuration.class )
        } )
@ImportResource("classpath:/spring-context.xml")
@EnableSwagger2
@Import({SwaggerConfig.class, SecurityConfig.class})
public class SpringMvcConfig extends WebMvcConfigurationSupport {

    @Autowired private ApplicationContext applicationContext;

    private static final String[] RESOURCE_BUNDLES = new String[] { "MessageResources" };
    private static final String[] YAML_RESOURCE_BUNDLES = new String[] { "messages" };

    /**
     * Configures the Jackson object mapper
     */
    @Bean( name = "objectMapper" )
    public ObjectMapper getObjectMapper( JacksonService jacksonService ) {
        return jacksonService.getObjectMapper();
    }

    /**
     * Configures the ApplicationContextProvider
     */
    @Bean( name = "applicationContextProvider" )
    public ApplicationContextProvider getApplicationContextProvider() {
        return new ApplicationContextProvider();
    }
}

这是 web.xml

    <servlet>
        <servlet-name>springmvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>

        <init-param>
            <param-name>contextClass</param-name>
            <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
        </init-param>

        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>com.test.SpringMvcConfig</param-value>
        </init-param>
    </servlet>

    <servlet-mapping>
        <servlet-name>springmvc</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

 <!-- Spring Security Configuration -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

这是我的SecurityConfig.java

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .httpBasic();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication()
                .withUser("test")
                .password("testpwd")
                .roles("USER");
    }

}

我收到 403 禁止 服务器理解请求但拒绝授权。我还添加了

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}

标签： javaspringrestspring-securitybasic-authentication