사용자 인증을 위해 웹 보안을 사용할 때까지 제대로 작동하는 간단한 스프링 웹 서비스를 작성했습니다.웹 보안 프로그래밍 방식의 스프링 부트 웹 서비스
나는 프로그래밍 방식으로 프로젝트에 대한 모든 스프링 구성을 설정했다. (처음이 방법을 시도했다.) 웹 서비스를 부팅하기 위해 스프링 부트를 사용하고있다. (또한 스프링 부트를 처음 시도했다.) 이것은 다음의 스프링 API (spring-boot-starter-ws : 1.1+ 및 spring-security-xxx : 3. +)를 사용하고 있습니다.
@Configuration
@EnableWs
@ComponentScan
public class WebServiceConfig extends WsConfigurerAdapter {
@Bean
public ServletRegistrationBean dispatcherServlet(ApplicationContext applicationContext) {
MessageDispatcherServlet servlet = new MessageDispatcherServlet();
servlet.setApplicationContext(applicationContext);
return new ServletRegistrationBean(servlet, "/ws/A/Service");
}
....
Securityconfiguration과 같이 정의된다 웹은 다음과 같습니다 :
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().antMatchers("/**").hasRole("alogin").and().httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("testuser").password("password").roles("alogin");
}
}
@Endpoint
public class AWebServiceEndpoint extends WsConfigurerAdapter {
@PayloadRoot(namespace = NAMESPACE_URI, localPart = "aRequest")
@ResponsePayload
public AResponse request(@RequestPayload ARequest request) {
...
웹 서비스 구성이 정의되어 다음과 같이
웹 서비스 엔드 포인트가 정의됩니다
웹 보안이 구성된 웹 서비스를 호출하면 다음과 같은 봄 d가 표시됩니다. ebug의 스택 트레이스 :
04-Jul-2014 12:21:07,084 [DEBUG] HttpServletBean - Initializing servlet 'messageDispatcherServlet' 04-Jul-2014 12:21:07,085 [DEBUG] MutablePropertySources - Adding [servletConfigInitParams] PropertySource with lowest search precedence 04-Jul-2014 12:21:07,085 [DEBUG] MutablePropertySources - Adding [servletContextInitParams] PropertySource with lowest search precedence 04-Jul-2014 12:21:07,085 [DEBUG] MutablePropertySources - Adding [jndiProperties] PropertySource with lowest search precedence 04-Jul-2014 12:21:07,085 [DEBUG] MutablePropertySources - Adding [systemProperties] PropertySource with lowest search precedence 04-Jul-2014 12:21:07,085 [DEBUG] MutablePropertySources - Adding [systemEnvironment] PropertySource with lowest search precedence 04-Jul-2014 12:21:07,085 [DEBUG] AbstractEnvironment - Initialized StandardServletEnvironment with PropertySources [servletConfigInitParams,servletContextInitParams,jndiProperties,systemProperties,systemEnvironment] 04-Jul-2014 12:21:07,086 [INFO ] FrameworkServlet - FrameworkServlet 'messageDispatcherServlet': initialization started 04-Jul-2014 12:21:07,087 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'messageFactory' 04-Jul-2014 12:21:07,093 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'defaultMethodEndpointAdapter' 04-Jul-2014 12:21:07,093 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'soapFaultAnnotationExceptionResolver' 04-Jul-2014 12:21:07,093 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'simpleSoapExceptionResolver' 04-Jul-2014 12:21:07,093 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'payloadRootAnnotationMethodEndpointMapping' 04-Jul-2014 12:21:07,093 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'soapActionAnnotationMethodEndpointMapping' 04-Jul-2014 12:21:07,094 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'annotationActionEndpointMapping' 04-Jul-2014 12:21:07,094 [DEBUG] MessageDispatcherServlet - No MessageDispatcher found in servlet 'messageDispatcherServlet': using default 04-Jul-2014 12:21:07,094 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'request' 04-Jul-2014 12:21:07,094 [DEBUG] MessageDispatcherServlet - Published [[email protected]147] as request.wsdl 04-Jul-2014 12:21:07,095 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'requestSchema' 04-Jul-2014 12:21:07,095 [DEBUG] MessageDispatcherServlet - Published [SimpleXsdSchema{http://www.destin8.co.uk/Chief}] as requestSchema.xsd 04-Jul-2014 12:21:07,095 [DEBUG] FrameworkServlet - Published WebApplicationContext of servlet 'messageDispatcherServlet' as ServletContext attribute with name [org.springframework.web.servlet.FrameworkServlet.CONTEXT.messageDispatcherServlet] 04-Jul-2014 12:21:07,095 [INFO ] FrameworkServlet - FrameworkServlet 'messageDispatcherServlet': initialization completed in 9 ms 04-Jul-2014 12:21:07,095 [DEBUG] HttpServletBean - Servlet 'messageDispatcherServlet' configured successfully 04-Jul-2014 12:21:07,102 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter' 04-Jul-2014 12:21:07,105 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 04-Jul-2014 12:21:07,106 [DEBUG] HttpSessionSecurityContextRepository - No HttpSession currently exists 04-Jul-2014 12:21:07,106 [DEBUG] HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created. 04-Jul-2014 12:21:07,108 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter' 04-Jul-2014 12:21:07,108 [DEBUG] HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatch[email protected] 04-Jul-2014 12:21:07,108 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter' 04-Jul-2014 12:21:07,108 [DEBUG] AntPathRequestMatcher - Checking match of request : '/ws/a/service'; against '/logout' 04-Jul-2014 12:21:07,108 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 5 of 11 in additional filter chain; firing Filter: 'BasicAuthenticationFilter' 04-Jul-2014 12:21:07,109 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 04-Jul-2014 12:21:07,109 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 04-Jul-2014 12:21:07,110 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 04-Jul-2014 12:21:07,111 [DEBUG] AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS' 04-Jul-2014 12:21:07,111 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter' 04-Jul-2014 12:21:07,111 [DEBUG] SessionManagementFilter - Requested session ID A90A65C310CD0D87A9588F386BC51071 is invalid. 04-Jul-2014 12:21:07,111 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 04-Jul-2014 12:21:07,112 [DEBUG] FilterChainProxy$VirtualFilterChain - /ws/A/Service at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 04-Jul-2014 12:21:07,112 [DEBUG] AntPathRequestMatcher - Request '/ws/a/service' matched by universal pattern '/**' 04-Jul-2014 12:21:07,112 [DEBUG] AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /ws/A/Service; Attributes: [hasRole('ROLE_alogin')] 04-Jul-2014 12:21:07,113 [DEBUG] AbstractSecurityInterceptor - Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 04-Jul-2014 12:21:07,115 [DEBUG] AffirmativeBased - Voter: org.sp[email protected]1bfa3f4c, returned: -1 04-Jul-2014 12:21:07,116 [DEBUG] AbstractBeanFactory - Returning cached instance of singleton bean 'org.springframework.integration.internalMessagingAnnotationPostProcessor' 04-Jul-2014 12:21:07,117 [DEBUG] ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-3.2.4.RELEASE.jar:3.2.4.RELEASE]
내가 확실히 인증 사용자 이름과 암호를 설정하고 웹 서비스 호출
.웹 보안을 사용하도록 설정하고 작동하도록 설정해야하는 다른 구성 옵션이 있습니까?
미리 감사드립니다. PM.
'BasicAuthenticationFilter' 발사를 볼 수 있습니다. 어떻게 귀하의 요청을 인증 했습니까? –
'인증 및 보안 관련 설정'탭에서 사용자 이름과 암호 값을 설정 한 요청을 실행하는 데 Soap UI를 사용하고 있습니다. –
Soap UI에 정말 도움이되지는 않지만 문제가있는 것 같습니다. 기본 인증을 사용하지 않는 것일 수 있습니다. 어쩌면 그 설정일까요? curl로 제어하고 명령 행에서 신임 정보를 제공 할 수 있습니다. –