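Guys,
I'm working on this application that uses Spring Security, and I'm using jQuery to make AJAX calls to some REST resources. Here is the scenario:
In my view (JSP), I have the following: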
var prodReq = JSON.stringify({
    'platformVersionRequest': {
        'skuCode': skuCode,
        'customerGuid': customerGuid,
        'storeCode': storeCode
    }
});
request = jQuery.ajax({ // Start AJAX request
    headers: {
        'Accept': 'application/json',
        'Content-Type': 'application/json'
    },
    type: "POST",
    url: "/webservices/resource/pd",
    dataType: 'json',
    data: prodReq,
    success: function(data) {
        // ....
        // ....
    },
    error: function() {}
});
Now, the page hosting the above snippet is secured with Spring Security, with a 'ROLE' and 'requires-channel' provided, as follows:
<intercept-url pattern="/resource/pd/**" access="ROLE_CUSTOMER" requires-channel="https" />
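Now, the problem I'm facing is that every time I access this page, Spring Security kicks in and shows the login page (which is expected and what I want). However, once I log in, my REST resource gets called and the user is shown a Basic Auth popup, which I don't want.
It seems the Ajax request doesn't understand that the resource has already been successfully authenticated, because once I enter the correct credentials, I am not prompted for the password again.
To add to this, I have made some REST calls from backend Java code, where we pass the username and password in the header as a base 64 encoded string. Is the same thing needed here? If so, how do I get the Spring Security authentication details from JavaScript?
Any input on this would be appreciated.
Edit 1: Security configuration: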
<http realm="Web Services" auto-config="false" entry-point-ref="basicAuthenticationEntryPoint">
    <intercept-url pattern="/resource/pd/**" access="ROLE_CUSTOMER" requires-channel="https" />
    ....
    ....
    <port-mappings>
        <port-mapping http="${ep.ws.port.http}" https="${ep.ws.port.https}" />
    </port-mappings>
    <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthenticationFilter" />
</http>
<authentication-manager>
    <authentication-provider user-service-ref="customerAuthenticationDao">
        <password-encoder ref="sha256PasswordEncoder">
            <salt-source ref="customerSaltSource"/>
        </password-encoder>
    </authentication-provider>
    <authentication-provider user-service-ref="cmUserAuthenticationDao">
        <password-encoder ref="cmPasswordEncoder"/>
    </authentication-provider>
</authentication-manager>
<beans:bean id="basicAuthenticationFilter"
    class="com.abc.xyz.web.authentication.www.ExtLdapBasicAuthenticationFilter"
    p:authenticationManager-ref="customerAuthenticationManager"
    p:authenticationEntryPoint-ref="basicAuthenticationEntryPoint"
    p:customerService-ref="customerService" />
<beans:bean id="basicAuthenticationEntryPoint"
    class="com.abc.xyz.security.impl.PlainTextBasicAuthenticationEntryPoint" p:realmName="Web Services"/>
<beans:bean id="customerAuthenticationDao" parent="txProxyTemplate">
    <beans:property name="target">
        <beans:bean class="com.abc.xyz.rest.security.impl.CustomerUserDetailsServiceImpl">
            <beans:property name="customerService" ref="customerService" />
            <beans:property name="storeHelper" ref="storeHelper" />
        </beans:bean>
    </beans:property>
</beans:bean>
<beans:bean id="customerAuthenticationManager" class="org.springframework.security.authentication.ProviderManager">
    <beans:property name="providers">
        <beans:list>
            <beans:ref local="ldapAuthenticationProvider" />
            <beans:ref local="customerAuthenticationProvider" />
            <beans:ref local="cmUserAuthenticationProvider" />
        </beans:list>
    </beans:property>
</beans:bean>
.......
.......
.......
</beans:beans>