测试未初始化的Spring安全和静止控制器

0lvr5msh  于 2023-11-16  发布在  Spring
关注(0)|答案(1)|浏览(125)

如果我创建一个基于web的spring-boot rest API,并添加spring-boot-starter-security jar,应用程序将像这样初始化:

2023-10-27T15:06:17.219-04:00  WARN 19172 --- [           main] .s.s.UserDetailsServiceAutoConfiguration : 

Using generated security password: db6773b8-f34d-4675-b9bd-c6921cf8b79e

This generated password is for development use only. Your security configuration must be updated before running your application in production.

2023-10-27T15:06:17.282-04:00  INFO 19172 --- [           main] o.s.b.a.e.web.EndpointLinksResolver      : Exposing 1 endpoint(s) beneath base path '/actuator'
2023-10-27T15:06:17.302-04:00  INFO 19172 --- [           main] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@773cc551, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5cbaafbd, org.springframework.security.web.context.SecurityContextHolderFilter@772589ed, org.springframework.security.web.header.HeaderWriterFilter@2ef3efcc, org.springframework.web.filter.CorsFilter@4f0f56f5, org.springframework.security.web.csrf.CsrfFilter@2a045e85, org.springframework.security.web.authentication.logout.LogoutFilter@3f910f36, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@7ffb0bb4, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@2bb118ae, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@6edb093f, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@11e75942, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@c040c8d, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@4917992b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7f5c4ff8, org.springframework.security.web.access.ExceptionTranslationFilter@640028f2, org.springframework.security.web.access.intercept.AuthorizationFilter@c6653e]

字符串
我还没有对安全框架进行任何配置,现在可以用postman轻松地进行测试吗?

dxxyhpgq

dxxyhpgq1#

一旦spring security在classpath上,当你启动你的应用程序时,它会在默认设置中加载。Spring是所谓的 * 默认安全 *,这意味着它会锁定一切,你必须逐步配置它来解锁。
你可以直接使用curl查询一个端点,并得到一个 *401 UNDORIORIZED * 返回。

$ curl -i http://localhost:8080/some/path
HTTP/1.1 401

字符串
在你的日志中,当你启动时,你会发现一个自动生成的密码,用于默认配置的 * 基本身份验证 *。
您可以使用user再次查询,并使用curl中的-u标志自动生成密码

$ curl -i -u user:8e557245-73e2-4286-969a-ff57fe326336 http://localhost:8080/some/path
HTTP/1.1 404


它返回404,因为我们还没有设置端点。

相关问题