当我使用邮递员向
`
http://localhost:8080/students/
如果我使用凭据
admin1
123
,我得到一个401错误。
如果我使用凭据
admin
123
如果我使用凭据
1234
,请求还返回用户列表。
我没有正确验证密码吗?
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("admin")
.password("123")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/user/**").hasRole("ADMIN")
.and().csrf().disable().headers().frameOptions().disable();
}
}
@RestController
public class StudentResource {
@Autowired private StudentRepository studentRepository;
@GetMapping("/students")
public List<Student> retrieveAllStudents() {
return studentRepository.findAll();
}
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
@Override
public UserDetailsService userDetailsService() {
UserDetails user = User.withDefaultPasswordEncoder()
.username("admin")
.password("123")
.roles("ADMIN")
.build();
return new InMemoryUserDetailsManager(user);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().and().authorizeRequests()
.antMatchers("/user/**").hasRole("ADMIN")
.and().csrf().disable().headers().frameOptions().disable();
}
}
@Repository
public interface StudentRepository extends JpaRepository<Student, Long> {
}
data.sql
insert into student
values(10001,'Ranga', 'E1234567');
insert into student
