401 Unauthorized - 当尝试点击 Spring 应用程序的休息服务时

【问题标题】:401 Unauthorized - when try to hit rest service of Spring application401 Unauthorized - 当尝试点击 Spring 应用程序的休息服务时
【发布时间】:2019-04-02 11:15:10
【问题描述】:

当尝试在请求中传递 Authorization 标头时尝试点击 Spring 应用程序的 rest webservice 得到 401- Unauthorized。我不想让 spring 验证或验证我的标头,但我想将 Authorization 标头发送到端点。

web.xml

<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Test Tool</display-name>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/root-context.xml</param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>spring-dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/SpringConfig.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>spring-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

spring-security.xml 

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <http auto-config="true" use-expressions="true">
    <intercept-url pattern="/v1.2/transfers/**" access="permitAll" />
    <logout logout-success-url="/home" delete-cookies="JSESSIONID"/>
    </http>

    <authentication-manager>
    <authentication-provider>
    <user-service>
    <user name="admin" password="admin" authorities="ROLE_USER" />
    </user-service> 
    </authentication-provider>
    </authentication-manager>
</beans:beans>

我正在尝试从客户端工具 /v1.2/transfers/**** 调用以下服务

Spring-Config.xml

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:util="http://www.springframework.org/schema/util"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
      http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
      http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
      http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <context:annotation-config />   
    <context:component-scan base-package="com.test.demo" />   
    <bean name="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" /> 
</beans>

【问题讨论】:

    标签: java xml spring spring-boot spring-security


    【解决方案1】:

    为 REST api 端点启用 http 模式,如下所示。

    <http pattern="/v1.2/transfers/**" security="none"/>

    【讨论】:

    • 感谢您的回复,当我尝试这个时,我得到 404。
    • 无论您输入什么模式,这些 url 都会为安全性而开放,这意味着您无需登录即可访问。所以只需将 url.so 放在这里 /v1.2/transfers/ /v1.2 之后的任何 url /transfers 将从安全中打开。
    • 30-Oct-2018 13:07:32.753 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal 一个或多个监听器无法启动。完整的详细信息将在相应的容器日志文件中找到 30-Oct-2018 13:07:32.757 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [/testtool-1.4.0-SNAPSHOT ] 由于之前的错误,启动失败
    猜你喜欢
    • 1970-01-01
    • 2020-03-23
    • 1970-01-01
    • 2016-04-20
    • 2010-10-19
    • 1970-01-01
    • 2016-09-27
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode