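Securing an API with a token in Spring Boot

Time: 2019-04-08 11:33:08

Tags: java rest spring-boot authentication

We have a simple application with only two consumers and 5 endpoints. For one endpoint, I need some form of authentication. I like the way Stripe does this, but I don't know how to build it in Spring Boot.

"Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password."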

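import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Only /qr requires an authenticated caller with ROLE_user
            .authorizeRequests()
            .antMatchers("/qr")
            .hasRole("user")
            .and()
            // No HTTP session: credentials are sent with every request
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .httpBasic()
            .and()
            .csrf()
            .disable();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        // Stored as a BCrypt hash so it matches the PasswordEncoder bean below
        final String encodedPassword = new BCryptPasswordEncoder().encode("test");

        final InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        manager.createUser(User.withUsername("admin").password(encodedPassword).roles("user").build());
        //manager.createUser(User.withUsername("admin").roles("user").build());

        return manager;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}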

I tried removing the password from manager.createUser, but that didn't work.

1 answer:

Answer 0 (score: 0)

Basic authentication is made of user:password in base64 encoded form. So your user must have a password equal to empty string for Basic Authentication to work. You can also get rid of BCryptPasswordEncoder and use NoOpPasswordEncoder since you don't use the password value.
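One way to wire up what the answer describes, as an added example that is not code from the question or the answer. It keeps the question's `/qr` rule and Spring Security 5 style; the class name `ApiKeySecurityConfig`, the property `qr.api-key` and the principal name `api-client` are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class ApiKeySecurityConfig extends WebSecurityConfigurerAdapter {
    private final byte[] apiKey;

    // Assumption: the key comes from external configuration (hypothetical property name).
    public ApiKeySecurityConfig(@Value("${qr.api-key}") String apiKey) {
        this.apiKey = apiKey.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/qr").hasRole("user")
            .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and().httpBasic()
            .and().csrf().disable();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        return username -> {
            // The Basic auth username carries the API key; compare it in constant time.
            if (!MessageDigest.isEqual(username.getBytes(StandardCharsets.UTF_8), apiKey)) {
                throw new UsernameNotFoundException("unknown API key");
            }
            // Empty stored password matches the "key:" credentials the client sends.
            // A fixed principal name keeps the key itself out of the security context.
            return User.withUsername("api-client").password("").roles("user").build();
        };
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Plain comparison: "" equals "". BCryptPasswordEncoder rejects an empty stored hash.
        return NoOpPasswordEncoder.getInstance();
    }
}
```

A client then authenticates with the key followed by a colon and nothing else, for example `curl -u "$KEY:" https://host/qr`; because the key travels base64-encoded rather than encrypted, the endpoint should only be reachable over TLS.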
