java - Spring Security 配置 - 403 禁止
问题描述
我使用 spring 5.0.7.RELEASE,我需要为我的 spring 应用程序添加基本身份验证,这是一个非常古老的应用程序。这就是为什么它使用注册配置类的旧方法。我已经添加了SecurityConfig
该类并将其导入SpringMvcConfig
如下所示
@Configuration
@EnableWebMvc
@ComponentScan( basePackages = {
"com.test" },
excludeFilters = {
@ComponentScan.Filter( Configuration.class )
} )
@ImportResource("classpath:/spring-context.xml")
@EnableSwagger2
@Import({SwaggerConfig.class, SecurityConfig.class})
public class SpringMvcConfig extends WebMvcConfigurationSupport {
@Autowired private ApplicationContext applicationContext;
private static final String[] RESOURCE_BUNDLES = new String[] { "MessageResources" };
private static final String[] YAML_RESOURCE_BUNDLES = new String[] { "messages" };
/**
* Configures the Jackson object mapper
*/
@Bean( name = "objectMapper" )
public ObjectMapper getObjectMapper( JacksonService jacksonService ) {
return jacksonService.getObjectMapper();
}
/**
* Configures the ApplicationContextProvider
*/
@Bean( name = "applicationContextProvider" )
public ApplicationContextProvider getApplicationContextProvider() {
return new ApplicationContextProvider();
}
}
这是 web.xml
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
<init-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>com.test.SpringMvcConfig</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security Configuration -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是我的SecurityConfig.java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().anyRequest().authenticated()
.and()
.httpBasic();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication()
.withUser("test")
.password("testpwd")
.roles("USER");
}
}
我收到 403 禁止 服务器理解请求但拒绝授权。我还添加了
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
解决方案
推荐阅读
- javascript - 使用 Google 登录 cookie 打开一个已经登录的页面(puppeteer)
- r - 由于 R 中的内生性,2SLS 时间序列的 GMM
- javascript - 如何使标题仅在大屏幕上保持粘性,但在用户向下滚动时在移动设备上消失?
- flutter - 为什么iOS模拟器打不开?
- debugging - CDB 在启动和退出时吐出“加载和卸载 NatVis 脚本”消息
- api - 如何使用 Yii2 micro 更改 xml 或 json 中的响应
- java - CSRF 令牌已与此客户端关联
- python - 回滚日期偏移量
- flutter - Flutter 如何使用 for 循环来获得超过 15 个日期?
- r - 在列表中堆叠数据框的列