嗨,我如何使用我的控制器和restController的命令...。 像-> html视图的命令1和rest api的命令2 我想在春季使用rest和mvc将其用于webapp
具有多个HTTP元素的多个入口点
我认为我应该在控制器类中使用命令!
What's your name? Eric
How old are you? 12
Eric, you are 84 years old in dog years
答案 0 :(得分:0)
我致力于解决这个问题,并找到了在单个方法中使用spring rest api和spring mvc的方法 项目,这很容易在没有安全性的一个项目中使用它们 在项目中使用登录页面和其余基本身份验证的 spring rest安全性和 spring mvc security ,我们应该使用 httpBasic()
,对于 url ,请使用
http://username:password@localhost:8080/api/members/
@Configuration
@EnableWebSecurity
public class MultipleEntryPointsSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Autowired
private CustomAuthenticationSuccessHandler customAuthenticationSuccessHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authenticationProvider());
}
// this is filter for mappings for api and mvc mappings
// http://username:password@localhost:8080/api/members/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").hasRole("EMPLOYEE")
.antMatchers("/leaders/**").hasRole("MANAGER")
.antMatchers("/systems/**").hasRole("ADMIN")
.antMatchers(HttpMethod.GET, "/api/**").hasRole("EMPLOYEE")
.and()
.httpBasic()
.and()
.formLogin()
.loginPage("/showMyLoginPage")
.loginProcessingUrl("/authenticateTheUser")
.successHandler(customAuthenticationSuccessHandler)
.permitAll()
.and()
.logout().permitAll()
.and()
.exceptionHandling().accessDeniedPage("/access-denied");
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider auth = new DaoAuthenticationProvider();
auth.setUserDetailsService(userService); //set the custom user details service
auth.setPasswordEncoder(passwordEncoder()); //set the password encoder - bcrypt
return auth;
}
}