使用filter-name contextConfigLocation spring securtiy时,无法将数据发送到数据库

时间:2015-09-24 07:40:22

标签: spring spring-mvc spring-security

我使用具有spring security的restful web服务来保护访问URL。在添加spring security之前,我可以正常地将数据发送到数据库。在向web.xml添加一些spring security名称后,我无法将数据发送到数据库,如下所示:

-web.xml 

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>

 <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
 </filter-mapping>

添加一些弹簧安全的填充名称后,我使用postman test将数据发送到数据库,它显示如下错误:

<!DOCTYPE html>
<html>
    <head>
        <title>Pivotal tc Runtime 3.1.1.RELEASE/8.0.23.A.RELEASE - Error report</title>
        <style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}.line {height: 1px; background-color: #525D76; border: none;}</style>
    </head>
    <body>
        <h1>HTTP Status 401 - Bad credentials</h1>
        <div class="line"></div>
        <p>
            <b>type</b> Status report
        </p>
        <p>
            <b>message</b>
            <u>Bad credentials</u>
        </p>
        <p>
            <b>description</b>
            <u>This request requires HTTP authentication.</u>
        </p>
        <hr class="line">
            <h3>Pivotal tc Runtime 3.1.1.RELEASE/8.0.23.A.RELEASE</h3>
        </body>
    </html>

请帮助我!

1 个答案:

答案 0 :(得分:0)

您缺少安全配置请看下面的内容:

    <http auto-config="true">
        <intercept-url pattern="/url_pattern_of_your_rest_api**" access="ROLE_USER" />
    </http>

    <authentication-manager>
      <authentication-provider>
        <user-service>
        <user name="username" password="password" authorities="ROLE_USER" />
        </user-service>
      </authentication-provider>
    </authentication-manager>

这是一个基本示例,您可以配置为从数据库中查找用户和授权授权。

<authentication-manager>
      <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
          users-by-username-query=
            "select username,password, enabled from users where username=?"
          authorities-by-username-query=
            "select username, role from user_roles where username =?  " />
      </authentication-provider>
    </authentication-manager>

由于它是一个休息api,因此拥有一个自定义AuthenticationEntryPointpoint是完全合理的,默认行为是重定向到一个在REST Api中没用的登录页面。

public class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {

    public void commence( HttpServletRequest request, HttpServletResponse response, AuthenticationException authException ) throws IOException, ServletException {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED,"Unauthorized");
    }

}

您必须将上述内容配置为bean,并在<http>标记中使用entry-point-ref属性进行引用。

相关问题
最新问题