Spring Security basic authentication configuration

Carlos Palma

I have been trying to follow this tutorial:

https://www.baeldung.com/spring-security-basic-authentication

I created a couple of REST endpoints like this:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class PostController {

    @Autowired
    PostCommentService postCommentService;

    @Autowired
    PostService postService;

    // Public read endpoint (permitAll in the security config below)
    @GetMapping("/comment")
    public PostComment getComment(@RequestParam Long id) {
        return postCommentService.findPostCommentById(id);
    }

    // Authenticated write endpoint; expects a JSON body
    @PostMapping("/createPost")
    public void createPost(@RequestBody PostDTO body) {
        postService.createPost(body);
    }
}

Now, for security, I am using Spring like this:

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.3.2.RELEASE</version>
    <relativePath/>
</parent>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

This is the Spring Security configuration class:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyBasicAuthenticationEntryPoint authenticationEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/comment").permitAll()
                .anyRequest().authenticated()
                .and()
            .httpBasic()
            .authenticationEntryPoint(authenticationEntryPoint);

        // Runs after Basic credentials have been processed
        http.addFilterAfter(new CustomFilter(),
                BasicAuthenticationFilter.class);
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("admin")
            .password(passwordEncoder().encode("password"))
            .authorities("ROLE_USER");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

}

The CustomFilter looks like this:

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.web.filter.GenericFilterBean;

public class CustomFilter extends GenericFilterBean {

    // Pass-through filter: does nothing but continue the chain
    @Override
    public void doFilter(
            ServletRequest request,
            ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        chain.doFilter(request, response);
    }

}

This is the AuthenticationEntryPoint:

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.stereotype.Component;

@Component
public class MyBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)
        throws IOException {
        // The realm value must be a quoted string: Basic realm="spring"
        response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        PrintWriter writer = response.getWriter();
        writer.println("HTTP Status 401 - " + authEx.getMessage());
    }

    @Override
    public void afterPropertiesSet() {
        setRealmName("spring");
        super.afterPropertiesSet();
    }
}

Now the problem is that whenever I try to send a POST request, I end up with this error message:

HTTP Status 401 - Full authentication is required to access this resource

I tried two ways of sending the request, one via Postman


and the second via curl:

curl -i --user admin:password --request POST -H "Content-Type: application/json" --data '{"text":"this is a new Post"}' http://localhost:8080/createPost

I'm at a loss here, hence the need to create this post. Any help is greatly appreciated.

Here is the curl response, in case it sheds light on the problem:

HTTP/1.1 401
Set-Cookie: JSESSIONID=6FE84B06E90BE7F2348C0935FE3DA971; Path=/; HttpOnly
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
WWW-Authenticate: Basic realm= + getRealmName() +
Content-Length: 75
Date: Thu, 10 Sep 2020 13:47:14 GMT

HTTP Status 401 - Full authentication is required to access this resource

Dimitar Yanev

This happens because Spring Security has CSRF protection enabled by default (and for good reason). You can read about Cross-Site Request Forgery here. In your case, the CsrfFilter detects a missing or invalid CSRF token and you get a 401 response. The easiest way to make your example work is to disable csrf-ing in your security configuration, but, of course, you shouldn't do that in a real application.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf()
            .disable()
        .authorizeRequests()
            .antMatchers("/comment").permitAll()
            .anyRequest().authenticated()
            .and()
        .httpBasic()
        .authenticationEntryPoint(authenticationEntryPoint);

    http.addFilterAfter(new CustomFilter(),
            BasicAuthenticationFilter.class);
}
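Rather than switching CSRF off for the whole application, a configuration in the same Spring Boot 2.3.x / WebSecurityConfigurerAdapter style that makes only the Basic-auth API stateless (no JSESSIONID is issued, so there is no session cookie a browser could send on its own) and exempts only that API prefix from the CSRF check, while browser-facing paths keep it. This is an added example, not the asker's or answerer's code; the /api prefix, the StatelessApiSecurityConfig class name and the USER role are assumptions, so the question's endpoints would need to be mapped under /api.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class StatelessApiSecurityConfig extends WebSecurityConfigurerAdapter { // assumed name
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // No HTTP session for API clients: without a session cookie the browser has
            // nothing to attach automatically, which is what a CSRF attack relies on.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
            .csrf()
                // Browser-facing paths keep CSRF; the token lives in a readable cookie so
                // a front end can echo it back in the X-XSRF-TOKEN header.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // Only the stateless, Basic-authenticated API prefix (assumed) is exempt.
                .ignoringAntMatchers("/api/**")
                .and()
            .authorizeRequests()
                .antMatchers(HttpMethod.GET, "/api/comment").permitAll() // read-only public
                .antMatchers("/api/**").hasRole("USER")                 // writes need a user
                .anyRequest().authenticated()
                .and()
            .httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
            .withUser("admin")
            .password(passwordEncoder().encode("password")) // placeholder credentials
            .roles("USER");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```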
