我使用REST webservice创建了简单的spring安全演示。 我花了很多时间在It.Need强有力的指针关于简单的工作弹簧安全性休息webservice与最新版本。 我的控制器是
@Controller
public class RestContoller {
@RequestMapping(value = "/countryJSONProduce", method = RequestMethod.GET)
public ResponseEntity<CountryDetail> getCountryJSON() {
CountryDetail countryDetail = new CountryDetail("Values");
ResponseEntity<CountryDetail> rentity = new ResponseEntity<CountryDetail>(countryDetail, HttpStatus.OK);
return rentity;
}
@RequestMapping(value = "/countryJSONConsume", consumes = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
public String consumeJSON(@RequestBody CountryDetail countryDetail) {
System.out.println("Country Detail Example");
return "home";
}
}
web.xml is
<servlet>
<servlet-name>springrest</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>springrest</servlet-name>
<url-pattern>/hello/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml
/WEB-INF/springrest-servlet.xml
</param-value>
</context-param>
my pom.xml is
<properties>
<spring.version>4.1.0.RELEASE</spring.version>
<springsecurity.version>4.0.2.RELEASE</springsecurity.version>
</properties>
<dependencies>
<!-- for Jsp use -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<!-- Spring mvc and Core -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Spring mvc and Core -->
<!-- JSON Response Spring Framework 4.1, the minimum jackson version should
be 2.1 -->
<!-- Compatiable Spring Framework 4.1 -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.5.3</version>
</dependency>
<!-- Spring Authentication Start -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<!-- Spring Authentication End -->
</dependencies>
When I Run the code sometimes it shows popup in my Eclipse Mars INTENAL
browser for user and password.when i put my credentials it will goes to
localhost:8080/SpringMavenRest2/ welcome page ok.when I hit the
url localhost:8080/SpringMavenRest2/hello/countryJSONProduce
which is calling my first service.. it is showing the Error :Access to
the specified resource has been forbidden.403
Even I put user name and
password as basic auth.Now I am testing this second url FROM CHROME
POSTMAN CLIENT.
I am using this configuration Java 1.8 ,Tomcat 8.0
spring.version4.1.0.RELEASE ,springsecurity.version 4.0.2.RELEASE.
and maven 3.3
Its
working well without authentication.Could you give any best referenced demo
for spring security with basic authentication. I have refered this also
http://www.mkyong.com/spring-security/spring-security-hello-world-example/
答案 0 :(得分:1)
试试这个:
<security:intercept-url pattern="/hello/**" access="hasRole('ROLE_USER'') "/>
and / or
<security:intercept-url pattern="/**" access="hasAnyRole('IS_AUTHENTICATED_ANONYMOUSLY','ROLE_USER')"/>