java - REST 的 Spring Security

标签 java spring rest curl spring-security

我为 REST 应用程序启用了 Spring Security,但在使用curl 时未获得授权。

Security.xml

<sec:http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
    <sec:intercept-url pattern="/rest/**" access="hasRole('ROLE_USER')" />

    <sec:form-login authentication-success-handler-ref="mySuccessHandler" />

    <sec:logout />
</sec:http>

<beans:bean id="mySuccessHandler" class="net.himalay.security.MySavedRequestAwareAuthenticationSuccessHandler" />

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider>
        <sec:user-service>
            <sec:user name="temporary" password="temporary" authorities="ROLE_ADMIN" />
            <sec:user name="user" password="userPass" authorities="ROLE_USER" />
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>

自定义入口点

@Component
public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private static final Logger LOG = LoggerFactory.getLogger(RestAuthenticationEntryPoint.class);

    @Override
    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {

        LOG.info("---------RestAuthenticationEntryPoint----------");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
    }

}

Controller 

@Controller
@RequestMapping("rest")
public class MultitenantController {

    @Autowired
    private MultitenantService service;

    @RequestMapping(value = "/user/{id}", method = RequestMethod.GET)
    @ResponseBody
    public User getUserInfo(@PathVariable Long id) {
        return service.getUser(id);
    }

    @RequestMapping(value = "/user", method = RequestMethod.GET)
    @ResponseBody
    public List<User> getCustomers() {
        return service.getUsers();
    }

    @RequestMapping(value = "/user/{id}/todo", method = RequestMethod.GET)
    @ResponseBody
    public List<TodoItem> getTransactions(@PathVariable Long id) {
        HttpHeaders headers = addAccessControllAllowOrigin();
        return getUserInfo(id).getTodoItems();
    }
}

$curl -i -X -u user:userPass http://localhost:8080/mt-rest/rest/user/1/todo

curl: (6) Could not resolve host: user
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=ADA11C09484E658C38D8385CABA0CFAE; Path=/mt-rest/; HttpOnly
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 975
Date: Fri, 31 Jan 2014 17:14:45 GMT

从 security.xml 中取出安全模式后,它工作正常。我到底错过了什么?

最佳答案

您只定义了一个表单登录模块。我相信您还需要指定http-basic。例如:

<sec:http-basic />

关于java - REST 的 Spring Security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/21488724/

上一篇:java - JScrollBar调整问题

下一篇:java - 尝试将 JLabel 图标设置为图像目录,出现空指针异常

相关文章:

java - 使用 POST 的 REST API 显示空白响应

java - Spring Web Flow的<set>元素中的 "value"属性包含什么?

java - 修复了线程池和运行线程时的异常

java - 从 Java 运行 Python 命令行实用程序

java - 如何在我的 SWT 应用程序中检测 ctrl-f

mysql - Spring:NamedParameterJdbcTemplate的queryForList()无法选择UTF-8中的Json字段

java - Keycloak 强制刷新 token

java - 无法从文件(Docker)打开指定的文件输入流

java - 在 Spring AMQP 中处理无法传递给消费者的消息

java - Spring RequestBody 将 JSON 转换为 String

©2024 IT工具网  联系我们