How to implement REST login using Spring Security

Time: 2019-05-29 02:29:59

Tags: spring spring-security

This is my code for the login controller.java and AccessToken.java, which is returned after the login process

@RestController
@RequestMapping("/user")
public class Controller {


 @Autowired AuthenticationManager authenticationManager;
 @Autowired UserService userService;



 @RequestMapping(value="/login", method=RequestMethod.POST)
 public AccessToken logsin(
         @RequestBody AuthenticationRequest request,  HttpSession session
         ) {


     UsernamePasswordAuthenticationToken  token = new UsernamePasswordAuthenticationToken (request.getId(), request.getPassword());
     Authentication authentication = authenticationManager.authenticate(token);
     SecurityContextHolder.getContext().setAuthentication(authentication);
     session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
               SecurityContextHolder.getContext());



     AccessToken token1 = new AccessToken();
     token1.setUsername(authentication.getName());
     token1.setAuthorities(authentication.getAuthorities());
     token1.setToken(session.getId());

     Authentication a = SecurityContextHolder.getContext().getAuthentication();

     System.out.println("a.isAuthenticated : "+ a.isAuthenticated());



     return token1;
 }

}

If I send a request to the user login process at "/user/login", the value of System.out.println("a.isAuthenticated : " + a.isAuthenticated()); is "true"

Then I get an AccessToken, for example,

public class AccessToken {


private String username;
private Collection authorities;
private String token;
public String getUsername() {
    return username;
}
public void setUsername(String username) {
    this.username = username;
}
public Collection getAuthorities() {
    return authorities;
}
public void setAuthorities(Collection authorities) {
    this.authorities = authorities;
}
public String getToken() {
    return token;
}
public void setToken(String token) {
    this.token = token;
}
}

Then I set up a filter class and an HttpSessionStrategy bean for token authentication

{
    "username": "myid1",
    "authorities": [
        {
            "authority": "user"
        }
    ],
    "token": "3D31F32383859DB145320941122CA189"
}

@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {

public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    System.out.println("filter!");
    HttpServletResponse response = (HttpServletResponse) res;

    response.setHeader("Access-Control-Allow-Origin", "*");
    response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
    response.setHeader("Access-Control-Max-Age", "3600");
    response.setHeader("Access-Control-Expose-Headers", "x-auth-token");
    response.setHeader("Access-Control-Allow-Credentials", "x-auth-token");
    chain.doFilter(req, res);
}

public void init(FilterConfig filterConfig) {}

public void destroy() {}

}

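After that, I sent a request to another URL that requires authentication, using the header

'x-auth-token = 3D31F32383859DB145320941122CA189'

But the server responds with a 403 Forbidden error

How can I solve this problem?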

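1 answer:

Answer 0: (score: 0)

You need to enable springHttpSession and an in-memory session repository.

For sample code, see here

Get a token with username and password

curl -u user:password -v http://localhost:8080/api/token

Get /me with the token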

curl -H "x-auth-token: $token" -v http://localhost:8080/me
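
One way to wire up what the answer describes, as an added example that is not code from the original question or answer. It assumes Spring Session 1.x (the `HttpSessionStrategy` API the question mentions) with Spring Security 4.x; the class names `HttpSessionConfig` and `RestSecurityConfig` and the choice to disable CSRF for header-token requests are assumptions.

```java
// Added example (not from the original post). Assumes Spring Session 1.x and
// Spring Security 4.x on the classpath; class names here are hypothetical.
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.session.MapSessionRepository;
import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionStrategy;

@Configuration
@EnableSpringHttpSession // registers the springSessionRepositoryFilter that replaces the container HttpSession
class HttpSessionConfig {

    // In-memory session store: sessions are lost on restart and are not shared between nodes.
    @Bean
    public MapSessionRepository sessionRepository() {
        return new MapSessionRepository();
    }

    // Resolve the session id from a request header instead of a cookie.
    // The default header name is "x-auth-token", the header used in the question.
    // On Spring Session 2.x the counterpart is HeaderHttpSessionIdResolver.xAuthToken().
    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        return new HeaderHttpSessionStrategy();
    }
}

@Configuration
@EnableWebSecurity
class RestSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Assumption: clients send the session id only in a custom header,
            // which browsers never attach automatically, so CSRF tokens are not used.
            .csrf().disable()
            .authorizeRequests()
                // The login endpoint from the question must be reachable without a session.
                .antMatchers("/user/login").permitAll()
                // Everything else needs the SecurityContext stored in the session.
                .anyRequest().authenticated();
    }
}
```

With this in place, the `session.getId()` value returned by the login controller is the Spring Session id, so sending it back in `x-auth-token` lets the session filter load the stored `SecurityContext` for later requests.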