java [服务器端]中的认证弹簧休息服务

时间:2014-05-21 12:37:13

标签: java spring rest spring-mvc spring-security

我有一个spring项目,它向其他人公开了一些api,但他们需要进行身份验证才能使用该服务。

@Configuration
@EnableWebSecurity
public class SecConfig extends WebSecurityConfigurerAdapter{
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication().withUser("admin").password("admin")
                .roles("USER");
    }
}

当我使用此弹簧配置时,我可以使用下面的客户端项目验证和使用该服务

public void getRestValue() {
        final String url = "http://localhost:8080/template/getData";
        final String username = "admin@admin.com";
        final String password = "admin";
        // Populate the HTTP Basic Authentitcation header with the username and
        // password
        RestTemplate restTemplate = new RestTemplate();
        String plainCreds = username + ":" + password;
        byte[] plainCredsBytes = plainCreds.getBytes();
        byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
        String base64Creds = new String(base64CredsBytes);
        HttpHeaders headers = new HttpHeaders();
        headers.add("Authorization", "Basic " + base64Creds);
        HttpEntity<String> request = new HttpEntity<String>(headers);
        ResponseEntity<String> response = restTemplate.exchange(url,
                HttpMethod.GET, request, String.class);
        System.out.println(response);
        String account = response.getBody();
        System.out.println(account);
    }

但是当我使用以下配置使用我的userservice从DB获取值时,我将获取登录页面作为响应

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    AppUserDetailsService appUserDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.userDetailsService(appUserDetailsService);
    }

    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.ignoring().antMatchers("/resources/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable().authorizeRequests().antMatchers("/setup/*")
                .permitAll().antMatchers("/login").permitAll()
                .antMatchers("/logout").permitAll().anyRequest()
                .authenticated().and().formLogin().loginPage("/login")
                .loginProcessingUrl("/j_spring_security_check")
                .usernameParameter("j_username")
                .passwordParameter("j_password").failureUrl("/login")
                .defaultSuccessUrl("/").permitAll().and().logout()
                .logoutUrl("/j_spring_security_logout")
                .logoutSuccessUrl("/login").deleteCookies("JSESSIONID")
                .invalidateHttpSession(true);
    }
}

请告诉我哪里出错了

1 个答案:

答案 0 :(得分:0)

您的客户端使用HTTP基本身份验证,但您的服务器仅配置为表单身份验证。尝试在.httpBasic()方法中添加configure(HttpSecurity http)

相关问题
最新问题