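Spring Security Basic Authorization for REST Clients

Time: 2017-12-21 11:49:21

Tags: java rest spring-mvc spring-security basic-authentication

I have two applications. One of them, named frontend, has Spring Security activated and is working fine with a login prompt. When it comes to the other application, named module, which wants to make a POST request to my application's REST endpoint using Spring's RestTemplate, it does not work.

Testing the authorization attempt with curl yields the following result: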

C:\Users\me>curl -i -X Post -H "Authorization: Basic YWRtaW46YWRtaW4=" http://localhost:8080/log/get
HTTP/1.1 403
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Set-Cookie: JSESSIONID=AC71E702C00D5FA73F0EF0F81C5439D6; Path=/; HttpOnly
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Thu, 21 Dec 2017 11:43:53 GMT

{"timestamp":1513856633878,"status":403,"error":"Forbidden","message":"Could not verify the provided CSRF token because your session was not found.","path":"/log/get"}

Please see my configuration for actually applying basic authentication:

web-security-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.2.xsd
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">

    <http use-expressions="true">
        <intercept-url pattern="/login*" access="isAnonymous()"/>
        <intercept-url pattern="/*" access="isAuthenticated()"/>
        <!--<intercept-url pattern="/log/*" access="isAuthenticated()"/>-->
        <http-basic entry-point-ref="customBasicAuthenticationEntryPoint"/>

        <form-login
                login-page=''
                default-target-url="/manager"
                authentication-failure-url="/login?error=true"/>

        <logout logout-success-url="/login"/>

    </http>
    <authentication-manager>
        <authentication-provider user-service-ref="comaUserDetailsService"/>
    </authentication-manager>
</beans:beans>

CustomBasicAuthEntryPoint.java

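import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.stereotype.Component;

@Component
public class CustomBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
  //  Code source:
  //  http://websystique.com/spring-security/secure-spring-rest-api-using-basic-authentication/
  @Override
  public void commence(final HttpServletRequest request,
                       final HttpServletResponse response,
                       final AuthenticationException authException) throws IOException, ServletException {
    // Authentication failed, send error response.
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    // The realm value is a quoted-string in the Basic challenge (RFC 7617).
    response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");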

    PrintWriter writer = response.getWriter();
    writer.println("HTTP Status 401 : " + authException.getMessage());
  }

  @Override
  public void afterPropertiesSet() throws Exception {
    setRealmName("Coma-Frontend");
    super.afterPropertiesSet();
  }
}

0 answers:

No answers
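
Added example, not part of the original question and not the asker's own configuration: the 403 in the curl output is raised by Spring Security's CSRF check, which the 4.x XML namespace enables by default and which runs before Basic authentication is evaluated. One way to serve a RestTemplate client is a separate stateless http chain for the REST paths, with CSRF disabled on that chain only. The /log/** pattern and the assumption that only non-browser clients call it are assumptions; the bean names are taken from the question.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-4.2.xsd
    http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-4.2.xsd">

    <!-- Chain 1 (added example): machine clients such as RestTemplate or curl.
         Declared first, because <http> elements are matched in order.
         Assumption: only non-browser clients call /log/**. A browser that has
         cached Basic credentials resends them automatically, so anything a
         browser uses should stay on the CSRF-protected chain below. -->
    <http pattern="/log/**" create-session="stateless">
        <!-- /** also covers nested paths such as /log/get;
             /* matches a single path segment only. -->
        <intercept-url pattern="/**" access="isAuthenticated()"/>
        <http-basic entry-point-ref="customBasicAuthenticationEntryPoint"/>
        <!-- No session and no session cookie on this chain, so the token
             check is switched off here and nowhere else. -->
        <csrf disabled="true"/>
    </http>

    <!-- Chain 2: browser users. CSRF protection keeps its default (enabled).
         login-page is omitted because it is empty in the question; Spring
         Security then serves its generated form at /login. -->
    <http use-expressions="true">
        <intercept-url pattern="/login*" access="isAnonymous()"/>
        <intercept-url pattern="/**" access="isAuthenticated()"/>
        <form-login
                default-target-url="/manager"
                authentication-failure-url="/login?error=true"/>
        <logout logout-success-url="/login"/>
    </http>

    <authentication-manager>
        <authentication-provider user-service-ref="comaUserDetailsService"/>
    </authentication-manager>
</beans:beans>
```

Basic credentials are only base64-encoded, so outside of localhost testing the /log/** chain should be reachable over TLS only.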