如何使用Spring Boot Web身份验证和Postman测试API?

huangapple go评论88阅读模式
英文:

How to test API with Spring Boot Web Authentication and Postman?

问题

我目前正在使用Spring Boot构建一个RESTful FAQ服务。我正在使用Spring Security进行Web身份验证,因此用户需要正确的密码和用户名才能查看页面。这些数据还与MySQL数据库连接。目前我正在为Excel文件实现导入/下载功能。但实际上我无法进行测试,因为每次我在Postman中发送GET请求时,都会收到来自Spring Boot安全性的登录页面。是否有一种方法可以绕过这个问题,或者告诉Postman使用正确的用户名和密码自动登录?

英文:

I'm currently building a RESTful FAQ Service with Spring Boot. I'm using Spring Security for the Web Authentication so the user needs the correct password and username to see the page. This data is also connected to a MySQL Database. In this moment I'm working on a Import/Download feature for Excel files. But I actually can't test it because every time I send a GET Request in Postman I always get the login page from Spring Boot security. Is there a way to baypass this or to tell Postman to login automatically with the correct username and password?

答案1

得分: 1

使用permitAll意味着每个经过身份验证的用户都可以访问,但是您已经禁用了匿名访问,因此这不起作用。您想要的是忽略某些URL,以实现这一点,覆盖接受WebSecurity对象的configure方法并忽略该模式。

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/api/v1/signup");
}

然后从HttpSecurity部分中删除那一行。这将告诉Spring Security忽略此URL,并且不对其应用任何过滤器。

英文:

When using permitAll it means every authenticated user, however you disabled anonymous access so that won't work.
What you want is to ignore certain URLs for this override the configure method that takes WebSecurity object and ignore the pattern.

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers("/api/v1/signup");
}

And remove that line from the HttpSecurity part. This will tell Spring Security to ignore this URL and don't apply any filters to them.

huangapple
  • 本文由 发表于 2020年9月21日 00:03:11
  • 转载请务必保留本文链接:https://go.coder-hub.com/63980972.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定