java-如何使用邮递员将用户登录详细信息传递给Spring Boot Rest API

我正在使用Spring Boot Rest创建一个API,我想限制该API,以便只有登录的用户才能访问它.现在测试我正在使用邮递员的API,但是如何将用户详细信息传递给API?

这是我的代码:

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AccessDeniedHandler accessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
        .antMatchers(HttpMethod.GET, "/", "/orders").permitAll()
        .antMatchers(HttpMethod.POST, "/order/**").hasAnyRole("ADMIN")
        .antMatchers(HttpMethod.DELETE, "/order/**").hasAnyRole("ADMIN")
        .and()
        .exceptionHandling().accessDeniedHandler(accessDeniedHandler);

    }

    // create two users, admin and user
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth.inMemoryAuthentication()
                .withUser("user").password("password").roles("USER")
                .and()
                .withUser("admin").password("password").roles("ADMIN");
    }
}

这是我的拒绝访问处理程序:

@Component
public class MyAccessDeniedHandler implements AccessDeniedHandler {

    private static Logger logger = LoggerFactory.getLogger(MyAccessDeniedHandler.class);

    @Override
    public void handle(HttpServletRequest httpServletRequest,
                       HttpServletResponse httpServletResponse,
                       AccessDeniedException e) throws IOException, ServletException {

        Authentication auth
                = SecurityContextHolder.getContext().getAuthentication();

        if (auth != null) {
            logger.info("User '" + auth.getName()
                    + "' attempted to access the protected URL: "
                    + httpServletRequest.getRequestURI());
        }
        httpServletResponse.setContentType("application/json");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        outputStream.print("Wrong user");

    }
}

当我尝试使用邮递员以URL作为顺序和方法作为DELETE访问API,并使用具有基本身份验证的“授权”选项卡传递用户登录详细信息,并将用户名作为admin和密码作为密码传递时,出现了错误的用户消息.

如何使用邮递员将用户腰部详细信息传递给我的API?

最佳答案
表单登录可能是默认的身份验证机制,您需要指定要使用基本身份验证.

尝试这个:

@Configuration
class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

  @Autowired
  private AccessDeniedHandler accessDeniedHandler;

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
      .antMatchers(HttpMethod.GET, "/", "/orders").permitAll()
      .antMatchers(HttpMethod.POST, "/order/**").hasAnyRole("ADMIN")
      .antMatchers(HttpMethod.DELETE, "/order/**").hasAnyRole("ADMIN")
      .and()
      .exceptionHandling().accessDeniedHandler(accessDeniedHandler)
    .and()  //added
    .httpBasic();  //added

  }

  // create two users, admin and user
  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.inMemoryAuthentication()
      .withUser("user").password("password").roles("USER")
      .and()
      .withUser("admin").password("password").roles("ADMIN");
  }
}

转载注明原文:java-如何使用邮递员将用户登录详细信息传递给Spring Boot Rest API - 代码日志