使用java中的http头在Spring安全性中传递基本身份验证详细信息

Question

我正在我的restful web服务中实现spring security。我正在使用http-basic身份验证，现在当我尝试访问我的服务时，会出现一个Windows安全对话框，询问用户名和密码，现在我想通过http标头传递用户名和密码，这样我就不需要了在安全对话中专门输入详细信息。我的安全配置文件看起来像 -

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true" create-session="stateless">
        <intercept-url pattern="/**" access="ROLE_USER" />
        <http-basic />
    </http>

    <authentication-manager>
      <authentication-provider>
       <!--  <user-service>
        <user name="yoman" password="123456" authorities="ROLE_USER" />
        </user-service> -->
        <jdbc-user-service data-source-ref="dataSource"

           users-by-username-query="
              select username,password, enabled 
              from users where username=?" 

           authorities-by-username-query="
              select u.username, ur.authority from users u, user_roles ur 
              where u.user_id = ur.user_id and u.username =?  " 

        />
      </authentication-provider>
    </authentication-manager>

</beans:beans> 

我试图使用像这样的授权标题传递用户名和密码 -

HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.set("Authorization", "Basic "
        + "username:password");

但是每当我访问该服务时，它都会向我询问用户名和密码。

我做错了什么，这里有正确的方法。我将非常感谢您提供的任何帮助。

Answer 1

您可以将RestTemplate与Apache Commons Http Client一起使用。构建一个CommonsHttpClientFactory 并将其作为构造函数args注入resttemplate，你很高兴。这是一些基本配置，可以帮助你入门。

context.xml

 <bean id="webServiceClient" class="com.webserviceclient.Client">
        <constructor-arg ref="restTemplate"/>
        <constructor-arg ref="credentials"/>
    </bean>

    <bean id="httpClientParams" class="org.apache.commons.httpclient.params.HttpClientParams">
        <property name="authenticationPreemptive" value="true"/>
        <property name="connectionManagerClass"
                  value="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
    </bean>
    <bean id="httpClient" class="org.apache.commons.httpclient.HttpClient">
        <constructor-arg ref="httpClientParams"/>
    </bean>
    <bean id="credentials" class="org.apache.commons.httpclient.UsernamePasswordCredentials">
        <constructor-arg><value>${webservice.username}</value></constructor-arg>
        <constructor-arg><value>${webservice.password}</value></constructor-arg>
    </bean>
    <bean id="httpClientFactory" class="org.springframework.http.client.CommonsClientHttpRequestFactory">
        <constructor-arg ref="httpClient"/>
    </bean>

    <bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
        <constructor-arg ref="httpClientFactory"/>

        <property name="messageConverters">
            <list>
                <bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
                </bean>
            </list>
        </property>
    </bean>

    <bean id="jaxbMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
        <property name="classesToBeBound">
            <list>
                <value>your classes</value>
            </list>
        </property>
    </bean>

<强> Client.java

public class Client {

    private final RestTemplate restTemplate;
    private final Credentials credentials;


    public Client(RestTemplate restTemplate, Credentials credentials) {
        this.restTemplate = restTemplate;
        this.credentials = credentials;
        CommonsClientHttpRequestFactory factory = (CommonsClientHttpRequestFactory) restTemplate.getRequestFactory();
        HttpClient client = factory.getHttpClient();
        client.getState().setCredentials(AuthScope.ANY, this.credentials);
    }
    //consuming websevice
    public <yourObject> get(String url)
    {
      return restTemplate.getForObject(url, <yourObject>.class);
    }

}

干杯。