使用Spring Security,Jersey和AngularJS对表单进行身份验证

时间:2016-12-10 20:56:31

标签: angularjs spring rest spring-security jersey

我正在尝试使用spring security 3.2.6来验证我的Web应用程序中使用AngularJS 1.5.9和Jersey(执行Rest服务)的表单。

这是我的登录表单:

<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>MongoGlass | Login</title>

<style>
body {
    padding-top: 20px;
}

.error {
    color: red;
}
</style>

</head>
<body>
    <div class="container">
        <div class="row">
            <div class="col-md-4 col-md-offset-4">
                <div class="panel panel-default">
                    <div class="panel-heading">
                        <h3 class="panel-title">Please sign in</h3>
                    </div>
                    <div class="panel-body">
                        <form accept-charset="UTF-8" role="form" name="loginForm"
                            novalidate>
                            <fieldset>
                                <div class="form-group">
                                    <input class="form-control" placeholder="Username"
                                        name="username" type="text" ng-model="login.username" required>
                                    <span ng-class="{'error': loginForm.username.$error.required}"
                                        ng-show="loginForm.username.$error.required && loginForm.$submitted">Insert your username</span>
                                </div>
                                <div class="form-group">
                                    <input class="form-control" placeholder="Password"
                                        name="password" type="password" ng-model="login.password"
                                        required>
                                    <span ng-class="{'error': loginForm.password.$error.required}"
                                    ng-show="loginForm.password.$error.required && loginForm.$submitted">Campo
                                    obbligatorio</span>     
                                </div>
                                <input class="btn btn-lg btn-success btn-block" type="submit" 
                                value="Login" ng-click="loginForm.$valid && submit(login)">
                            </fieldset>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
</body>
</html>

当表单被汇总时,它在相应的AngularJS控制器中被称为sumbit(credentials)函数:

var myApp = angular.module('LoginModule', []);

myApp.controller('LoginController', ['$scope','$http', function($scope, $http){

    $scope.submit = function(credential) {

        var name = credential.username;
        var password = credential.password;

        var login = {
                "name":name,
                "password":password
        }
        $http(
                {
                    method : 'POST',
                    url : "/mongoglass-rest/rest/login/authenticate",
                    headers : {
                        'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
                    },
                    data : login 
                })
                .success(function(response,status) {
                }); 
    }
}])

通过这种方式,submit函数调用/rest/login/authenticate,这是我的登录表单使用spring-security处理的地方:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:annotation-config />
    <context:component-scan base-package="it.project.mongoglass.rest" />

    <beans:bean id="mySuccessHandler" class="it.project.mongoglass.rest.spring.security.RestSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/rest/login/authenticate"></beans:property>
    </beans:bean>

    <security:http 
        realm="Protected API"
        use-expressions="true"
        auto-config="false"
        create-session="stateless"
        entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"
        authentication-manager-ref="authenticationManager">
        <security:form-login login-processing-url="/rest/login/authenticate" 
                             username-parameter="username" password-parameter="password"
                             authentication-success-handler-ref="mySuccessHandler"></security:form-login>
        <security:intercept-url pattern="/rest/login/**" access="permitAll" />
    </security:http>

    <beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <beans:property name="providers">
            <beans:list>
                <beans:ref bean="daoAuthenticationProvider"/>
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean id="daoAuthenticationProvider" 
                class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
      <beans:property name="userDetailsService" ref="daoUserDetailsService"/>
      <beans:property name="passwordEncoder" ref="shaPasswordEncoder"/>
    </beans:bean>

    <beans:bean id="daoUserDetailsService" class="it.project.mongoglass.rest.spring.service.impl.UserDetailsServiceImpl" />

    <beans:bean id="shaPasswordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <beans:constructor-arg value="256"/>
    </beans:bean>

</beans:beans>

这不起作用,当我提交表格时,我得到404.

1 个答案:

答案 0 :(得分:0)

$http(
    {  ...
       url : "/mongoglass-rest/rest/login/authenticate",
       ...
    }
过滤器中的

和url不同。

login-processing-url="/rest/login/authenticate"