Spring Security:类中的Commence方法,不会调用BasicAuthenticationEntryPoint

时间:2014-04-26 18:26:10

标签: java android spring spring-security basic-authentication

我试图从Android应用程序到Web后端进行休息登录。在我的网络应用程序中:

我有这个类扩展BasicAuthenticationEntryPoint:

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.MediaType;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

public class CustomBasicAuthenticationEntryPoint extends
        BasicAuthenticationEntryPoint {

    @Override
    public void afterPropertiesSet() throws Exception {
        // TODO Auto-generated method stub
        super.afterPropertiesSet();
    }

    @Override
    public void commence(HttpServletRequest request,
            HttpServletResponse response, AuthenticationException authException)
            throws IOException, ServletException {
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.getOutputStream().println("{\"responseCode\":\"FAILED\"}");
        response.getOutputStream().flush();
        //super.commence(request, response, authException);
    }

然后我有这个类扩展BasicAuthenticationFilter:

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.stereotype.Component;

@Component("customBasicAuthFilter")
public class CustomBasicAuthFilter extends BasicAuthenticationFilter {

    @Autowired
    public CustomBasicAuthFilter(AuthenticationManager authenticationManager)
    {
        super(authenticationManager);
    }

    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest request,
            HttpServletResponse response, Authentication authResult)
            throws IOException {
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        super.onSuccessfulAuthentication(request, response, authResult);
    }
}

这是配置:

<security:http realm="appApi" pattern="/rest/**" entry-point-ref="restAuthenticationEntryPoint" create-session="stateless">
    <security:custom-filter ref="customBasicAuthFilter" position="BASIC_AUTH_FILTER"/>
</security:http>
<bean id="customBasicAuthFilter" class="org.springtest.mavenspringapp.service.CustomBasicAuthFilter"></bean>

<bean id="restAuthenticationEntryPoint" class="org.springtest.mavenspringapp.service.CustomBasicAuthenticationEntryPoint">
    <property name="realmName" value="appApi"></property>
</bean>

我的控制器看起来像这样:

@Controller
@RequestMapping(value = "/rest")
public class RestController {


    /************** AJAX Methods ****************/
    @RequestMapping(value = "/login/", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
    public @ResponseBody String ajaxLogin(HttpServletRequest request, HttpServletResponse response)
    {
        return "Success";
    }
}

试图进行休息登录的android代码如下:

public class UserLoginTask extends AsyncTask<Void, Void, Boolean> {
        @Override
        protected Boolean doInBackground(Void... params) {
            // TODO: attempt authentication against a network service.
            //boolean success = JSONAuthenticationHandler.JSONAuthenticationResult(mEmail, mPassword);
            HttpAuthentication authHeader = new HttpBasicAuthentication(mEmail, mPassword);
            HttpHeaders requestHeaders = new HttpHeaders();
            requestHeaders.setAuthorization(authHeader);
            requestHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
            requestHeaders.add("Content-Type", MediaType.APPLICATION_JSON_VALUE);

            RestTemplate restTemplate = new RestTemplate();
            restTemplate.getMessageConverters().add(new MappingJacksonHttpMessageConverter());

            try
            {
                ResponseEntity<String> response = restTemplate.exchange(    "http://192.168.1.12:8080/mavenspringapp/rest/login/", 
                                                                            HttpMethod.GET, 
                                                                            new HttpEntity<Object>(requestHeaders), 
                                                                            String.class);
                String loginResult = response.getBody();

                return true;
            }
            catch (HttpClientErrorException ex)
            {
                return false;
            }
            catch (ResourceAccessException ex)
            {
                return false;
            }
            catch (Exception ex)
            {
                ex.getCause();
                return false;
            }
        }
}

我正在调试这两个应用程序(Eclipse ADT和Spring Toolsuite)。根据我读到的关于spring安全性的文档,在身份验证失败时调用begin,但我在我的方法中放置了一个断点并且从未执行过,更糟糕的是,控制器被执行并返回字符串成功。

我是否误解了春季安全的运作方式或者是否缺少某些东西?请帮忙。提前谢谢。

0 个答案:

没有答案
相关问题
最新问题