使用 RestSharp 在 Spring-boot 服务器中验证 c# 客户端
本文关键字:验证 客户端 服务器 RestSharp Spring-boot 使用 | 更新日期: 2023-09-27 18:34:38
我有一个基于弹簧引导的服务器应用程序,运行着弹簧安全。
我的客户端是基于c#的Windows桌面客户端,我正在使用RestSharp库。如果我删除弹簧安全性,它就像一个魅力。当我尝试使用 spring 安全性在服务器中对我的客户端进行身份验证时,它永远不会成功。
static void Main(string[] args)
{
var client = new RestClient();
Uri baseUrl = new Uri("http://localhost:8080/POC-WebApplication");
client.BaseUrl = baseUrl;
client.Authenticator = new HttpBasicAuthenticator("user", "password");
var request = new RestRequest("/nuevosusuarios", Method.POST);
request.AddParameter("json", "[{'"name'":'"uuuuu'",'"id'":11101,'"birthday'":'"12/02/2012'"},{'"name'":'"zzzzzz'",'"id'":444644,'"birthday'":'"12/02/2012'"}]");
client.Execute(request);
}
我已经仔细检查了用户名和密码是否正确,因此到目前为止它不是错字。
读取春季日志:
00:46:33.293 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
00:46:33.294 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/nuevosusuarios'; against '/**/favicon.ico'
00:46:33.294 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
00:46:33.299 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@3623e183, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
00:46:33.300 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[application/json, application/xml, text/json, text/x-json, text/javascript, text/xml]
00:46:33.304 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/json
00:46:33.304 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/json = true
00:46:33.305 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = false
00:46:33.310 [http-apr-8080-exec-15] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Did not match
00:46:33.310 [http-apr-8080-exec-15] DEBUG o.s.s.w.s.HttpSessionRequestCache - Request not saved as configured RequestMatcher did not match
00:46:33.311 [http-apr-8080-exec-15] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
00:46:33.311 [http-apr-8080-exec-15] DEBUG o.s.s.web.DefaultRedirectStrategy - Redirecting to 'http://localhost:8080/POC-WebApplication/login'
00:46:33.315 [http-apr-8080-exec-15] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
00:46:33.316 [http-apr-8080-exec-15] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
00:46:33.323 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 1 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
00:46:33.324 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 2 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
00:46:33.327 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No HttpSession currently exists
00:46:33.327 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
00:46:33.328 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 3 of 12 in additional filter chain; firing Filter: 'HeaderWriterFilter'
00:46:33.332 [http-apr-8080-exec-16] DEBUG o.s.s.w.h.writers.HstsHeaderWriter - Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@190662e4
00:46:33.333 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
00:46:33.333 [http-apr-8080-exec-16] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/login'; against '/error.html'
00:46:33.338 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
00:46:33.338 [http-apr-8080-exec-16] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request 'GET /login' doesn't match 'POST /login
00:46:33.344 [http-apr-8080-exec-16] DEBUG o.s.security.web.FilterChainProxy - /login at position 6 of 12 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
00:46:33.344 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
00:46:33.349 [http-apr-8080-exec-16] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
我看到了一些有趣的东西:o.s.s.w.u.m.AntPathRequestMatcher - 请求"GET/login"与"POST/login"不匹配
难道是线索?
提前谢谢。
最后我明白了它失败的原因。在春季安全选项中,没有一个指定httpBasic模式。