| 刘洪青 | 76d8b3d | 2018-08-22 10:32:57 +0800 | [diff] [blame] | 1 | |
| 2 | ## 基于 Basic 认证的资源接口请求方式 |
| 3 | |
| 4 | 采用 Basic 认证,对 API 资源接口进行访问控制 |
| 5 | |
| 6 | |
| 7 | ### 项目配置 |
| 8 | |
| 9 | 1、在 client 项目的 application.yml 中新增配置 |
| 10 | |
| 11 | |
| 12 | ``` |
| 13 | infras.security.api.basic.enabled: true |
| 14 | ``` |
| 15 | |
| 16 | 若要禁用则,注释掉配置 或 修改为 false |
| 17 | |
| 18 | |
| 19 | 2、在 ClientApplication(项目启动类)中,添加注解 @EnableInfrasApiSecurity |
| 20 | |
| 21 | 注,不能同时存在 注解 @EnableInfrasOAuth2 |
| 22 | |
| 23 | |
| 24 | |
| 25 | ### 请求 API 资源接口 |
| 26 | |
| 27 | 请求地址:/api/user |
| 28 | |
| 29 | 请求头: |
| 30 | `Authorization,认证头,Basic <user:password 的 base64 编码>` |
| 31 | 示例(user:password 为 admin:111111): |
| 32 | `Authorization: Basic YWRtaW46MTExMTEx` |
| 33 | |
| 34 | 请求示例: |
| 35 | ``` |
| 36 | curl -i -s -X GET -H "Authorization: Basic YWRtaW46MTExMTEx" "http://localhost:8080/api/user" |
| 37 | ``` |
| 38 | 注: |
| 39 | -H "Authorization: Basic YWRtaW46MTExMTEx" 为请求头参数 |
| 40 | |
| 41 | |
| 42 | 响应结果: |
| 43 | ``` |
| 44 | { |
| 45 | "password":null, |
| 46 | "username":"admin", |
| 47 | "authorities":[{"authority":"ROLE_ADMIN"},{"authority":"administrator"},{"authority":"user"}], |
| 48 | "accountNonExpired":true, |
| 49 | "accountNonLocked":true, |
| 50 | "credentialsNonExpired":true, |
| 51 | "enabled":true |
| 52 | } |
| 53 | ``` |