使用Spring Security的GAE REST服务和HTTP基本身份验证

时间:2012-11-19 22:04:08

标签: spring google-app-engine spring-security jersey

我正在尝试使用Spring Security实现基于JAX-RS Jersey的REST服务的HTTP基本身份验证,并在App Engine上运行。我找到了几个例子和教程,但它对我不起作用。每当我访问资源时,都不需要进行身份验证,并且会在相应的正文中重新调整200 OK。

以下摘自我的web.xml。

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/application-context.xml
        /WEB-INF/security-context.xml
    </param-value>
</context-param>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/resources/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>SystemServiceServlet</servlet-name>
    <servlet-class>com.google.api.server.spi.SystemServiceServlet</servlet-class>
    <init-param>
        <param-name>services</param-name>
        <param-value/>
    </init-param>
</servlet>

<servlet>
    <servlet-name>JerseyServlet</servlet-name>
    <servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
    <init-param>
        <param-name>com.sun.jersey.config.property.packages</param-name>
        <param-value>com.example.endpoint</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>JerseyServlet</servlet-name>
    <url-pattern>/resources/*</url-pattern>
</servlet-mapping>

这里摘录自security-context.xml。

<sec:http create-session="stateless">
    <sec:intercept-url pattern="/resources/**" access="ROLE_USER" />
    <sec:http-basic />
</sec:http>

<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:user-service>
             <sec:user name="admin" password="0000" authorities="ROLE_USER" />
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>

任何人都可以看到有什么问题吗?

0 个答案:

没有答案