使用REST和Javaconfig在Spring Security中消化Auth

我在使用spring security设置摘要式身份validation时遇到问题：

我的安全配置：

@Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Override @Bean public UserDetailsService userDetailsServiceBean() { return userService; } @Override protected void configure(AuthenticationManagerBuilder registry) throws Exception { registry.userDetailsService(userDetailsServiceBean()); } @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/resources/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .exceptionHandling() .authenticationEntryPoint(digestEntryPoint()) .and() .addFilterAfter(digestAuthenticationFilter(digestEntryPoint()), BasicAuthenticationFilter.class) .antMatcher("/**") .csrf() .disable() .authorizeRequests() .anyRequest() .authenticated() .and() .formLogin() .permitAll() .and() .logout() .deleteCookies("remove") .invalidateHttpSession(true) .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .logoutSuccessUrl("/login") .permitAll(); } @Bean public DigestAuthenticationEntryPoint digestEntryPoint() { DigestAuthenticationEntryPoint digestAuthenticationEntryPoint = new DigestAuthenticationEntryPoint(); digestAuthenticationEntryPoint.setKey("acegi"); digestAuthenticationEntryPoint.setRealmName("Digest Realm"); digestAuthenticationEntryPoint.setNonceValiditySeconds(10); return digestAuthenticationEntryPoint; } @Bean public DigestAuthenticationFilter digestAuthenticationFilter( DigestAuthenticationEntryPoint digestAuthenticationEntryPoint) { DigestAuthenticationFilter digestAuthenticationFilter = new DigestAuthenticationFilter(); digestAuthenticationFilter.setAuthenticationEntryPoint(digestEntryPoint()); digestAuthenticationFilter.setUserDetailsService(userDetailsServiceBean()); return digestAuthenticationFilter; } } 

使用userService：

 @Component public class UserService implements UserDetailsService { @Autowired UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userRepository.findByUsername(username); if (user == null) { throw new UsernameNotFoundException("UserName " + username + " not found"); } else { return user; } } } 

当尝试使用摘要访问API时，我得到以下返回：

 { "timestamp": "2015-11-25T13:51:01.874+0000", "status": 401, "error": "Unauthorized", "message": "Nonce should have yielded two tokens but was ", "path": "/api/" } 

Basic auth正在运行。 摘要有什么问题？

邮递员发出请求：

 Digest username="admin", realm="Digest Realm", nonce="", uri="/api/", response="762b17f23b0e1a2d56cd159805732d7b", opaque="" 

  expirationTime: The date and time when the nonce expires, expressed in milliseconds key: A private key to prevent modification of the nonce token 

• 是RC4还是ARCFOUR？ 使用SecretKeySpec时出现InvalidKeyException？
• AES文件解密“给定最终块未正确填充”