0
我有一个春天的项目,暴露一些API给他人,但他们需要进行身份验证才能使用该服务。在java [服务器端]身份验证春天休息服务
@Configuration
@EnableWebSecurity
public class SecConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("admin")
.roles("USER");
}
}
当我使用能够进行身份验证,并使用下面
public void getRestValue() {
final String url = "http://localhost:8080/template/getData";
final String username = "[email protected]";
final String password = "admin";
// Populate the HTTP Basic Authentitcation header with the username and
// password
RestTemplate restTemplate = new RestTemplate();
String plainCreds = username + ":" + password;
byte[] plainCredsBytes = plainCreds.getBytes();
byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
String base64Creds = new String(base64CredsBytes);
HttpHeaders headers = new HttpHeaders();
headers.add("Authorization", "Basic " + base64Creds);
HttpEntity<String> request = new HttpEntity<String>(headers);
ResponseEntity<String> response = restTemplate.exchange(url,
HttpMethod.GET, request, String.class);
System.out.println(response);
String account = response.getBody();
System.out.println(account);
}
客户端项目使用的服务,但是当我用我的userservice从数据库获取值使用下面的配置我得到的这个春天配置时登录页面的响应
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
AppUserDetailsService appUserDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(appUserDetailsService);
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/setup/*")
.permitAll().antMatchers("/login").permitAll()
.antMatchers("/logout").permitAll().anyRequest()
.authenticated().and().formLogin().loginPage("/login")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password").failureUrl("/login")
.defaultSuccessUrl("/").permitAll().and().logout()
.logoutUrl("/j_spring_security_logout")
.logoutSuccessUrl("/login").deleteCookies("JSESSIONID")
.invalidateHttpSession(true);
}
}
请告诉我,我走错了
调试日志说什么? –
只要我打电话给休息服务,我会在响应正文中获得登录页面html。 – user3321883