您如何配置 Spring 4.0 和 Spring Security (3.2.0) 以专门使用 javaconfig(无 XML)进行摘要身份验证?我正在使用以下配置类,但是所有请求都被 HTTP 401 拒绝,并且“Nonce 应该已经产生了两个令牌,但是(...消息只是停在那里)”。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfigurationDigest extends WebSecurityConfigurerAdapter
{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception
{
auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests().antMatchers("/**").authenticated().and().addFilter(digestAuthenticationFilter(digestEntryPoint()));
}
@Override
@Bean
public UserDetailsService userDetailsServiceBean() throws Exception
{
return super.userDetailsServiceBean();
}
public DigestAuthenticationFilter digestAuthenticationFilter(DigestAuthenticationEntryPoint digestAuthenticationEntryPoint) throws Exception
{
DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter();
digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint());
digestAuthenticationFilter.setUserDetailsService(userDetailsServiceBean());
return digestAuthenticationFilter;
}
@Bean
public DigestAuthenticationEntryPoint digestEntryPoint()
{
DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint();
digestAuthenticationEntryPoint.setKey("mykey");
digestAuthenticationEntryPoint.setRealmName("myrealm");
return digestAuthenticationEntryPoint;
}
}
我正在尝试通过包含标头在客户端进行授权:
授权: Digest username="user", realm="myrealm", nonce="", uri="/service?param=98", response="fcd46faf42a583499d4e7f0371171ef2", opaque=""
如果我将此类恢复为基于 HttpBasic 的配置,我就能够访问预期的服务。是我的配置有问题还是我的请求有问题?上面的大部分代码都是从另一篇文章中借来的,但是我无法在这种情况下工作。所有这些都在 Spring Boot 0.5.0M7 中运行。
谢谢。