访问被拒绝用户是匿名的 - spring 启动 ws 基本身份验证
access denied user is anonymous - spring boot ws basic authentication
我正在开发一个使用 spring boot 的演示应用程序。所以我的想法是创建一个 soap 网络服务并向其添加基本的 http 身份验证。我按照网上的一些教程,但它并没有帮助我解决问题。
起初我创建了一个简单的 soap 网络服务,并使用 soapui 对其进行了测试。它工作得很好。当我将 spring 安全性添加到类路径时,我成功打开了我的应用程序提供的 wsdl(默认情况下使用我的浏览器和 spring 提供的登录表单)。但即使在添加身份验证后,它也无法使用 soapui 使用 web 服务 headers.
这是我的应用配置。
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web-services</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
application.yml
spring:
security:
basic:
enabled: true
user:
name: client
password: password
WebServiceConfig.java
@EnableWs
@Configuration
public class WebServiceConfig extends WsConfigurerAdapter {
@Bean
public ServletRegistrationBean<Servlet> messageDispatcherServlet(ApplicationContext applicationContext) {
MessageDispatcherServlet servlet = new MessageDispatcherServlet();
servlet.setApplicationContext(applicationContext);
return new ServletRegistrationBean<>(servlet, "/ws/library/*");
}
@Bean(name = "books")
public Wsdl11Definition defaultWsdl11Definition() {
SimpleWsdl11Definition wsdl11Definition = new SimpleWsdl11Definition();
wsdl11Definition.setWsdl(new ClassPathResource("/book.wsdl"));
return wsdl11Definition;
}
}
BookEndpoint.java
@Endpoint
public class BookEndpoint {
@PayloadRoot(
namespace = "http://www.cleverbuilder.com/BookService/",
localPart = "GetBook")
@ResponsePayload
public GetBookResponse getBook(@RequestPayload GetBook book) {
ObjectFactory factory = new ObjectFactory();
GetBookResponse response = factory.createGetBookResponse();
response.setID("A"+book.getID());
return response;
}
}
soapui生成的请求如下:
POST http://localhost:8080/ws/library/BookService HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://www.cleverbuilder.com/BookService/GetBook"
Authorization: Basic Y2xpZW50OnBhc3N3b3Jk
Content-Length: 280
Host: localhost:8080
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Cookie: JSESSIONID=77EF4FFB2B5A52EC21A47C230624B6DE
Cookie2: $Version=1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:book="http://www.cleverbuilder.com/BookService/">
<soapenv:Header/>
<soapenv:Body>
<book:GetBook>
<ID>85</ID>
</book:GetBook>
</soapenv:Body>
</soapenv:Envelope>
和服务器响应:
HTTP/1.1 401
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
WWW-Authenticate: Basic realm="Realm"
Content-Length: 0
Date: Mon, 22 Apr 2019 09:08:43 GMT
记录的错误是:
Voter: org.springframework.security.web.access.expression.WebExpressionVoter@77114100, returned: -1
ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
有人可以帮我吗?
问题出在 crsf 保护上。我能够通过禁用它来解决问题。这是我添加的配置。
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable();
}
}
我正在开发一个使用 spring boot 的演示应用程序。所以我的想法是创建一个 soap 网络服务并向其添加基本的 http 身份验证。我按照网上的一些教程,但它并没有帮助我解决问题。
起初我创建了一个简单的 soap 网络服务,并使用 soapui 对其进行了测试。它工作得很好。当我将 spring 安全性添加到类路径时,我成功打开了我的应用程序提供的 wsdl(默认情况下使用我的浏览器和 spring 提供的登录表单)。但即使在添加身份验证后,它也无法使用 soapui 使用 web 服务 headers.
这是我的应用配置。
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web-services</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
</dependencies>
application.yml
spring:
security:
basic:
enabled: true
user:
name: client
password: password
WebServiceConfig.java
@EnableWs
@Configuration
public class WebServiceConfig extends WsConfigurerAdapter {
@Bean
public ServletRegistrationBean<Servlet> messageDispatcherServlet(ApplicationContext applicationContext) {
MessageDispatcherServlet servlet = new MessageDispatcherServlet();
servlet.setApplicationContext(applicationContext);
return new ServletRegistrationBean<>(servlet, "/ws/library/*");
}
@Bean(name = "books")
public Wsdl11Definition defaultWsdl11Definition() {
SimpleWsdl11Definition wsdl11Definition = new SimpleWsdl11Definition();
wsdl11Definition.setWsdl(new ClassPathResource("/book.wsdl"));
return wsdl11Definition;
}
}
BookEndpoint.java
@Endpoint
public class BookEndpoint {
@PayloadRoot(
namespace = "http://www.cleverbuilder.com/BookService/",
localPart = "GetBook")
@ResponsePayload
public GetBookResponse getBook(@RequestPayload GetBook book) {
ObjectFactory factory = new ObjectFactory();
GetBookResponse response = factory.createGetBookResponse();
response.setID("A"+book.getID());
return response;
}
}
soapui生成的请求如下:
POST http://localhost:8080/ws/library/BookService HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://www.cleverbuilder.com/BookService/GetBook"
Authorization: Basic Y2xpZW50OnBhc3N3b3Jk
Content-Length: 280
Host: localhost:8080
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
Cookie: JSESSIONID=77EF4FFB2B5A52EC21A47C230624B6DE
Cookie2: $Version=1
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:book="http://www.cleverbuilder.com/BookService/">
<soapenv:Header/>
<soapenv:Body>
<book:GetBook>
<ID>85</ID>
</book:GetBook>
</soapenv:Body>
</soapenv:Envelope>
和服务器响应:
HTTP/1.1 401
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
WWW-Authenticate: Basic realm="Realm"
Content-Length: 0
Date: Mon, 22 Apr 2019 09:08:43 GMT
记录的错误是:
Voter: org.springframework.security.web.access.expression.WebExpressionVoter@77114100, returned: -1
ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.1.5.RELEASE.jar:5.1.5.RELEASE]
有人可以帮我吗?
问题出在 crsf 保护上。我能够通过禁用它来解决问题。这是我添加的配置。
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable();
}
}