Spring Boot 获取简单获取请求的 401 未授权状态码

Question

我对 Spring 框架很陌生。我创建了一个包含以下模块的新 Spring Starter 项目：web、mongo、security。

我已经创建了一个简单的控制器

@RestController
@RequestMapping("/users")
public class UserController {

    private UserRepository userRepository;

    @GetMapping("/all")
    public List<User> getAllUsers(){
        List<User> users = this.userRepository.findAll();
        return users;
    }

    @PostMapping("/")
    public void insert(@RequestBody User user){
        this.userRepository.save(user);
    }
}

并将一些原始数据播种到数据库中。当我在 Postman 中向这条路线发出请求时，我得到以下响应：

{
    "timestamp": 1511113712858,
    "status": 401,
    "error": "Unauthorized",
    "message": "Full authentication is required to access this resource",
    "path": "/users/all"
}

pom.xml：

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

<groupId>ngt</groupId>
<artifactId>someArtifact</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>

<name>dermaskin</name>
<description>Demo project for Spring Boot with mongodb</description>

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.8.RELEASE</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-mongodb</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-test</artifactId>
        <scope>test</scope>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
        </plugin>
    </plugins>
</build>

是什么导致了未经授权的响应以及如何为/all 路由禁用它？谢谢！

Answer 1

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.requestMatchers().antMatchers("/users/all").permitAll();
    }
}

您需要配置 Spring Security，默认情况下所有路由都为授权保护。

以上代码仅对“/users/all”网址禁用安全性。

Answer 2

我在加入时遇到了这个错误

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-oauth2-client</artifactId>
</dependency>

在我的 pom.xml 文件中。 只需将其删除，然后重试。

Answer 3

你可以保持你的安全依赖，但你必须设置一个用户名和密码。这可以通过将以下内容添加到位于下的 application.properties 文件中来完成 src/main/resources 文件夹

security.user.name=user # Default user name.
security.user.password= # your password here