使用GET

时间:2015-12-01 12:33:42

标签: spring spring-mvc spring-security

我正在使用REST“登录”功能来验证服务器。验证成功但是当我尝试使用登录功能生成的'x-auth-token'访问URL时,我获得了HTTP 401的授权。我做错了什么?

@RequestMapping(value = "login", method = GET) 
public String login(@RequestParam("user") String username,
                    @RequestParam("password") String password,
                    @RequestParam("customerId") String customerId,
                    HttpServletRequest req) throws Exception 
{           
    // Force session creation so it's available to Spring Security post processor filter
    req.getSession(true);

    // Authenticate using AuthenticationManager configured on SecurityContext   
    AuthenticationManager authMgr = securityConfig.authenticationManagerBean();
    UsernamePasswordAuthenticationToken authReq = new UsernamePasswordAuthenticationToken(username, password);
    authReq.setDetails(authenticationDetailsSource.buildDetails(req));
    Authentication authResp = authMgr.authenticate(authReq);

    // If successful add the authentication response to context so the post processor filter can save it to session         
    SecurityContextHolder.getContext().setAuthentication(authResp);

    return "LOGIN OK";
}

安全配置:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    private CustomAuthenticationProvider customAuthenticationProvider;

    @Override
    public void configure(WebSecurity web) throws Exception 
    {
        web.ignoring().antMatchers("/session/**"); 
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {           
        http.authorizeRequests().anyRequest().authenticated().and().requestCache().requestCache(new NullRequestCache()).and().httpBasic();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception 
    {                   
        auth.authenticationProvider(customAuthenticationProvider); 
    }

}

0 个答案:

没有答案