我想要一个基本的受身份验证保护的 REST 应用程序。我按照http://www.baeldung.com/spring-security-authentication-provider的一般说明进行操作,以使安全性正常工作。
我最终创建了 的实现AuthenticationProvider,但它从未被 Spring 调用。所有请求都以错误结束:
{"timestamp":1460199213227,"status":401,"error":"Unauthorized","message":"Full authentication is required to access this resource","path":"/test"}
没有 AuthenticationProvider 做任何事情。
该应用程序是基于注释的,以下是相关部分:
安全设置
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider authenticationProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider);
}
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authenticationProvider(authenticationProvider)
.authorizeRequests()
.anyRequest().authenticated().and().httpBasic();
}
}
身份验证提供者
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Autowired
private UserDAO userDAO;
@Autowired
private Authenticator authenticator;
@Override
public Authentication authenticate(Authentication …