我正在客户端站点上使用JavaFX和Spring4编写信使,在服务器站点上编写Spring4。我用spring-security 3.2保护了服务器。现在我的问题:我在客户端上有一个登录页面,将登录信息发送到spring-security并接收JSESSIONID cookie。这工作正常,但当我尝试用我的请求发送JSESSIONID时,我变成了
org.springframework.web.client.RestClientException: Could not extract response: no suitable HttpMessageConverter found for response type [class org.messenger.rest.JSONConversationResult] and content type [text/html;charset=UTF-8]
服务器Inizializer
public class SpringMvcInitializer extends
AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] {ApplicationConfig.class};
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[] {WebConfig.class};
}
@Override
protected String[] getServletMappings() {
return new String[] {"/"};
}
}
Server SecurityInizializer
public class SpringSecurityInitializer extends
AbstractSecurityWebApplicationInitializer {
}
Server SecurityConfig
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DriverManagerDataSource dataSource;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
String authQuery = "select userid, authority from user where userid = ?";
String userQuery = "select userid, pw, enabled from user where userid = ?";
auth.jdbcAuthentication().dataSource(dataSource)
.passwordEncoder(passwordEncoder())
.usersByUsernameQuery(userQuery)
.authoritiesByUsernameQuery(authQuery);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/register").permitAll()
.antMatchers("/getconvs", "/getcontacts").hasRole("USER")
.and()
.formLogin()
.and()
.csrf().disable();
}
@Bean
public AuthenticationEntryPoint authenticationEntryPoint() {
return new de.daschner.messenger.security.AuthenticationEntryPoint();
}
@Bean
public SuccessHandler successHandler() {
return new SuccessHandler();
}
@Bean
public SimpleUrlAuthenticationFailureHandler failureHandler() {
return new SimpleUrlAuthenticationFailureHandler();
}
@Bean
public AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder(11);
}
}
安全“页面”的服务器请求映射
@RequestMapping(value="/getconvs", method={RequestMethod.GET},
produces={MediaType.APPLICATION_JSON_VALUE})
public @ResponseBody JSONConversationResult getConvsList(HttpServletRequest request, @RequestParam(value="uid") String uid){
JSONConversationResult ret = new JSONConversationResult();
Map<String, Map<Date, String>> convs = convService.getConvsList(uid);
if (convs != null) {
ret.setConversations(convs);
ret.setMessage("OK");
ret.setError(0);
} else {
ret.setError(1);
ret.setMessage("Verbindungsfehler");
}
return ret;
}
客户端发送登录并获取Cookie
Map<String, String> loginform = new HashMap<String, String>();
loginform.put("username", user);
loginform.put("password", pw);
HttpEntity<Map<String, String>> login = new HttpEntity<Map<String, String>>(loginform);
ResponseEntity<HttpServletResponse> response = restTemplate.exchange(
"http://localhost:8080/messenger-webapp/login",
HttpMethod.POST,
login,
HttpServletResponse.class);
HttpHeaders headers = response.getHeaders();
Set<String> keys = headers.keySet();
String cookie = "";
for (String header : keys) {
if (header.equals("Set-Cookie")) {
cookie = headers.get(header).get(0);
}
}
String jsessionid = cookie.split(";")[0];
conf.setJsessionid(jsessionid.split("=", 2)[1]);
return ret;
客户端发送带请求的JSESSIONID
ResponseEntity<JSONConversationResult> response = restTemplate.exchange(
"http://localhost:8080/messenger-webapp/getconvs?uid=" + uid,
HttpMethod.GET,
getAuthHeader(),
JSONConversationResult.class);
JSONConversationResult ret = response.getBody();
return ret;
private HttpEntity<String> getAuthHeader() {
HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.add("Cookie", "JSESSIONID=" + config.getJsessionid());
return new HttpEntity<String>(requestHeaders);
}
我希望你能帮助我。
修改
好的,我发现问题不在于JSESSIONID没有正确发送。但我的登录不正确,我的查询是从数据库中获取用户。
正确的登录帖子
ClientHttpResponse response = restTemplate.execute(
"http://localhost:8080/messenger-webapp/login",
HttpMethod.POST,
new RequestCallback() {
@Override
public void doWithRequest(ClientHttpRequest request) throws IOException {
request.getBody().write(("username=" + user + "&password=" + pw).getBytes());
}
},
new ResponseExtractor<ClientHttpResponse>() {
@Override
public ClientHttpResponse extractData(ClientHttpResponse response)
throws IOException {
return response;
}
});
正确的查询
String authQuery = "select u.userid, r.role_name from user u, role r, user_role a where u.dbid = a.user_id and r.dbid = a.role_id and u.userid = ?";
我希望这会有助于其他人。如果有人有其他选择,请告诉我。
答案 0 :(得分:1)
好的,我发现问题不在于JSESSIONID没有正确发送。但我的登录不正确,我的查询是从数据库中获取用户。
正确的登录帖子
ClientHttpResponse response = restTemplate.execute(
"http://localhost:8080/messenger-webapp/login",
HttpMethod.POST,
new RequestCallback() {
@Override
public void doWithRequest(ClientHttpRequest request) throws IOException {
request.getBody().write(("username=" + user + "&password=" + pw).getBytes());
}
},
new ResponseExtractor<ClientHttpResponse>() {
@Override
public ClientHttpResponse extractData(ClientHttpResponse response)
throws IOException {
return response;
}
});
正确的查询
String authQuery = "select u.userid, r.role_name from user u, role r, user_role a where u.dbid = a.user_id and r.dbid = a.role_id and u.userid = ?";
我希望这会有助于其他人。如果有人有其他选择,请告诉我。