我正在使用 SoapUI 测试 Spring 中创建的 REST 服务。当我没有用户名/登录名时,我能够成功发送 HTTP 请求。但是,当我提供如下 Spring Security 时:
package config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
// Create 2 users for demo
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("admin").password("{noop}password").roles("USER", "ADMIN");
}
// HTTP Basic Auth for endpoints
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//HTTP Basic authentication
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/books/**").hasRole("USER")
.antMatchers(HttpMethod.POST, "/books").hasRole("ADMIN")
.antMatchers(HttpMethod.PUT, "/books/**").hasRole("ADMIN")
.antMatchers(HttpMethod.PATCH, "/books/**").hasRole("ADMIN")
.antMatchers(HttpMethod.DELETE, "/books/**").hasRole("ADMIN")
.and()
.csrf().disable()
.formLogin().disable();
}
}
我不断收到错误 401。我尝试过对密码进行硬编码、在 SoapUI 中设置身份验证和设置参数。谁能建议如何在测试中包含用户和密码?
最佳答案
这是一个两步过程。 1)通过一些在线服务使用用户/密码生成 token ,例如:- https://www.blitter.se/utils/basic-authentication-header-generator/
例如。对于用户/pwd asdf/asdf,它生成:- 授权:基本YXNkZjphc2Rm此处 Authorization 是您的 header key ,Basic YXNkZjphc2Rm 是 header 值
2) 将其添加到其余端点,如下所示并进行调用。
关于java - SoapUI - 以 JSON 格式发送登录详细信息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57095052/