1. 首页
  2. 问答
  3. 在java [服务器端]身份验证春天休息服务

在java [服务器端]身份验证春天休息服务

2014-05-21 115 views
0

我有一个春天的项目,暴露一些API给他人,但他们需要进行身份验证才能使用该服务。在java [服务器端]身份验证春天休息服务

@Configuration 
@EnableWebSecurity 
public class SecConfig extends WebSecurityConfigurerAdapter{ 
    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) 
      throws Exception { 
     auth.inMemoryAuthentication().withUser("admin").password("admin") 
       .roles("USER"); 
    } 
}

当我使用能够进行身份验证,并使用下面

public void getRestValue() { 
     final String url = "http://localhost:8080/template/getData"; 
     final String username = "[email protected]"; 
     final String password = "admin"; 
     // Populate the HTTP Basic Authentitcation header with the username and 
     // password 
     RestTemplate restTemplate = new RestTemplate(); 
     String plainCreds = username + ":" + password; 
     byte[] plainCredsBytes = plainCreds.getBytes(); 
     byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes); 
     String base64Creds = new String(base64CredsBytes); 
     HttpHeaders headers = new HttpHeaders(); 
     headers.add("Authorization", "Basic " + base64Creds); 
     HttpEntity<String> request = new HttpEntity<String>(headers); 
     ResponseEntity<String> response = restTemplate.exchange(url, 
       HttpMethod.GET, request, String.class); 
     System.out.println(response); 
     String account = response.getBody(); 
     System.out.println(account); 
    }

客户端项目使用的服务,但是当我用我的userservice从数据库获取值使用下面的配置我得到的这个春天配置时登录页面的响应

@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Autowired 
    AppUserDetailsService appUserDetailsService; 

    @Autowired 
    public void configureGlobal(AuthenticationManagerBuilder auth) 
      throws Exception { 
     auth.userDetailsService(appUserDetailsService); 
    } 

    @Override 
    public void configure(WebSecurity webSecurity) throws Exception { 
     webSecurity.ignoring().antMatchers("/resources/**"); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http.csrf().disable().authorizeRequests().antMatchers("/setup/*") 
       .permitAll().antMatchers("/login").permitAll() 
       .antMatchers("/logout").permitAll().anyRequest() 
       .authenticated().and().formLogin().loginPage("/login") 
       .loginProcessingUrl("/j_spring_security_check") 
       .usernameParameter("j_username") 
       .passwordParameter("j_password").failureUrl("/login") 
       .defaultSuccessUrl("/").permitAll().and().logout() 
       .logoutUrl("/j_spring_security_logout") 
       .logoutSuccessUrl("/login").deleteCookies("JSESSIONID") 
       .invalidateHttpSession(true); 
    } 
}

请告诉我,我走错了

来源

2014-05-21 user3321883

+0

调试日志说什么? –

+0

只要我打电话给休息服务,我会在响应正文中获得登录页面html。 – user3321883

回答

0

您的客户端使用HTTP基本身份验证,但您的服务器仅配置了表单身份验证。尝试在configure(HttpSecurity http)方法中添加.httpBasic()

来源

2014-05-22 07:39:49 holmis83

+0

我试着添加这个。在这种情况下,即使是可用的身份验证也被禁用,当我在浏览器中尝试。 – user3321883

相关问题

 相关问题