当我使用邮递员提交获取请求时
'http://localhost:8080/students/
如果我使用凭据admin1123,则会收到 401 错误。
如果我使用凭据admin123,则 reuqest 返回用户列表。
如果我使用凭据admin1234,请求还会返回用户列表。
我是否正确验证了密码?
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("admin")
.password("123")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/user/**").hasRole("ADMIN")
.and().csrf().disable().headers().frameOptions().disable();
}
}
@RestController
public class StudentResource {
@Autowired private StudentRepository studentRepository;
@GetMapping("/students")
public List<Student> retrieveAllStudents() {
return studentRepository.findAll();
}
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("admin")
.password("123")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/user/**").hasRole("ADMIN")
.and().csrf().disable().headers().frameOptions().disable();
}
}
@Repository
public interface StudentRepository extends JpaRepository<Student, Long> {
}
data.sql
insert into student
values(10001,'Ranga', 'E1234567');
insert into student
控制器中的路径与配置中的路径不匹配。