我想使用Rest Spring控制器通过JSON格式使用Spring Security对用户进行身份验证。
休息控制器
@RestController
@RequestMapping("/rest/api/login")
public class UserRestController {
@Autowired
@Qualifier(value = "authenticationManager")
private AuthenticationManager authenticationManager;
@RequestMapping(method = RequestMethod.POST, headers = {"Accept=application/json"})
public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) {
Map<String, String> response = new HashMap<String, String>();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
try {
Authentication auth = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
response.put("status", "true");
return response;
} catch (BadCredentialsException ex) {
response.put("status", "false");
return response;
}
}}
弹簧security.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/welcome" access="isAnonymous()" />
<intercept-url pattern="/login" access="isAnonymous()" />
<intercept-url pattern="/logout" access="isAnonymous()" />
<intercept-url pattern="/listUsers" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/userInfo"
access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/other/**" access="isAuthenticated()" />
<access-denied-handler error-page="/403" />
<form-login login-page='/' login-processing-url="/j_spring_security_check"
default-target-url="/" always-use-default-target="false"
authentication-failure-url="/login?error=true" username-parameter="login"
password-parameter="password" />
<logout logout-url="/logout" logout-success-url="/logoutSuccessful"
delete-cookies="JSESSIONID" invalidate-session="true" />
</http>
<authentication-manager alias="authenticationManager">
<!-- authentication from database -->
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select login, password, enabled from users where login=?"
authorities-by-username-query="select login, role from users where login=?" />
</authentication-provider>
</authentication-manager>
</beans:beans>
然后我尝试使用JSON参数运行http://localhost:8080/app/rest/api/login
{"login":"a","password":"a"}
但我收到HTTP状态400 - 必需字符串参数'login'不存在。
任何人都可以帮助我吗?我究竟做错了什么 ?怎么解决?
我想在移动应用Android中使用此服务。