9

我当前的 java 安全配置如下所示:

@Configuration
@EnableWebSecurity
public class RootConfig extends WebSecurityConfigurerAdapter {

@Override
protected void registerAuthentication(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication()
    .withUser("tester").password("passwd").roles("USER");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
     http
     .authorizeUrls()
         .anyRequest().authenticated()
         .and()
     .httpBasic();       
  }
}

当我使用浏览器执行 GET 请求时,我会收到一个错误 403。我希望得到一个浏览器弹出窗口,要求我输入用户名/密码。可能是什么问题?

4

2 回答 2

13

更新:这已在 Spring Security 3.2.0.RC1+ 中修复

这是安全 Java 配置中的一个错误,将在下一个版本中解决。我创建了SEC-2198来跟踪它。目前,一种解决方法是使用以下内容:

@Bean
public BasicAuthenticationEntryPoint entryPoint() {
    BasicAuthenticationEntryPoint basicAuthEntryPoint = new BasicAuthenticationEntryPoint();
    basicAuthEntryPoint.setRealmName("My Realm");
    return basicAuthEntryPoint;
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    http
        .exceptionHandling()
            .authenticationEntryPoint(entryPoint())
            .and()
        .authorizeUrls()
            .anyRequest().authenticated()
            .and()
        .httpBasic();       
}

PS:感谢您试用 Spring Security Java Configuration!保持反馈:)

于 2013-07-10T13:19:20.763 回答
0

使用 Spring Security 4.2.3 并且可能在您可以简单地使用此配置之前:

@Configuration
@EnableWebSecurity
public class CommonWebSecurityConfig extends WebSecurityConfigurerAdapter {

   @Override
   protected void configure(final HttpSecurity http) throws Exception {
     http
        .authorizeRequests()
           .anyRequest().authenticated()
           .and()
        .httpBasic();
  }
  @Autowired
  public void dlcmlUserDetails(final AuthenticationManagerBuilder auth) throws Exception {
      auth.inMemoryAuthentication()
          .withUser("tom").password("111").roles("USER");
  }
}
于 2017-09-28T19:35:05.583 回答