Spring Security - 认证入口点之后的流程

时间:2015-03-10 05:53:49

标签: rest spring-security

我正在尝试使用spring security来保护我的REST服务。我的问题是,我已经停留在身份验证入口点。虽然我已经配置了UsernamePasswordAuthenticationFilter,但执行流程无法到达那里。 以下是XML配置

<sec:http create-session="stateless" auto-config="false"
                authentication-manager-ref="authenticationManager"
                entry-point-ref="http403EntryPoint"
                >

        <sec:form-login
            login-processing-url="/login"
            password-parameter="password"
            username-parameter="username"
            />

        <!-- <sec:custom-filter ref="tokenCreatorAndValidator" position="FORM_LOGIN_FILTER"  /> -->

        <sec:intercept-url pattern="/**" 
                       method="POST"
                       access="ROLE_USER" 
                       />
    </sec:http>

    <sec:authentication-manager alias="authenticationManager">
            <sec:authentication-provider user-service-ref="authenticatorDAO">
            </sec:authentication-provider>
    </sec:authentication-manager>

<bean id="http403EntryPoint"
        class="com.app.login.RestAuthenticationEntryPoint" />

AuthenticationEntryPoint的代码如下所示。

public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint{

   @Override
   public void commence( HttpServletRequest request, HttpServletResponse response, 
    AuthenticationException authException ) throws IOException{
       System.out.println("in RestAuthenticationEntrypoint\n--------------------------------------\n");
      response.sendError( HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized" );
   }
}

任何人都可以告诉我这里做错了什么吗?

1 个答案:

答案 0 :(得分:0)

很抱歉无法发表评论,因此将其发布为答案。

检查是否在现有配置中调用了ExceptionTranslationFilter。

OR

您是否在ExceptionTranslationFilter中注入了http403EntryPoint?

 <bean id="etf" class="org.springframework.security.web.access.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint" ref="http403EntryPoint"/>
 </bean

&GT;