401 Unauthorized - 当尝试点击 Spring 应用程序的休息服务时
Posted
技术标签:
【中文标题】401 Unauthorized - 当尝试点击 Spring 应用程序的休息服务时【英文标题】:401 Unauthorized - when try to hit rest service of Spring application 【发布时间】:2019-04-02 11:15:10 【问题描述】:当尝试在请求中传递 Authorization 标头时尝试点击 Spring 应用程序的 rest webservice 得到 401- Unauthorized。我不想让 spring 验证或验证我的标头,但我想将 Authorization 标头发送到端点。
web.xml
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>Test Tool</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>spring-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/SpringConfig.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/v1.2/transfers/**" access="permitAll" />
<logout logout-success-url="/home" delete-cookies="JSESSIONID"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
我正在尝试从客户端工具 /v1.2/transfers/**** 调用以下服务
Spring-Config.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:annotation-config />
<context:component-scan base-package="com.test.demo" />
<bean name="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />
</beans>
【问题讨论】:
【参考方案1】:为 REST api 端点启用 http 模式,如下所示。
<http pattern="/v1.2/transfers/**" security="none"/>
【讨论】:
感谢您的回复,当我尝试这个时,我得到 404。 无论您输入什么模式,这些 url 都会为安全性而开放,这意味着您无需登录即可访问。所以只需将 url.so 放在这里 /v1.2/transfers/ /v1.2 之后的任何 url /transfers 将从安全中打开。 30-Oct-2018 13:07:32.753 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal 一个或多个监听器无法启动。完整的详细信息将在相应的容器日志文件中找到 30-Oct-2018 13:07:32.757 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [/testtool-1.4.0-SNAPSHOT ] 由于之前的错误,启动失败以上是关于401 Unauthorized - 当尝试点击 Spring 应用程序的休息服务时的主要内容,如果未能解决你的问题,请参考以下文章
如何修复PUT Invoke-RestMethod中的“401 Unauthorized”错误(试图替换存储过程)
当客户端在 /.auth/login/aad 端点上发布访问令牌时,为啥 EasyAuth 返回 401 Unauthorized 状态?
通过 Axios 和有效 JWT 发布时,WordPress REST API 返回 401 Unauthorized