我的网络应用程序中有@RestController,为了安全起见,我想在我的身份验证提供程序中使用此服务。请您告诉我们如何实现这一目标? (仅供参考:我正在使用Spring启动)
例如,我的REST服务网址是:http://localhost:8080/authentication.json
登录页面网址:http://localhost:8080/login
我的问题类似于以下问题,但不同的是,REST服务在同一个应用程序中可用。所以我希望不需要REST模板或HTTPUrl连接?请指教。
spring security login with rest web service
以下是示例代码段。
@RestController
@RequestMapping("authorize")
public AuthorizeController{
@RequestMapping(method = RequestMethod.PUT, produces = "application/json")
public Employee authorize(@RequestParam String username) {
return employee;
}
}
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomAuthenticationProvider provider;
@Override
protected void configure(HttpSecurity http) throws Exception {
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(provider);
}
}
public class CustomAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
// Here i need to call REST Service . which is present in the same application.
}
@Override
public boolean supports(Class<?> authentication) {
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
}
感谢。