1. 首页
  2. 问答
  3. Spring Security REST授权

Spring Security REST授权

2013-03-25 288 views
0

我厌倦了如何通过Spring Security REST json来登录。我写的Android后端/ iOS.Here是我security.xml文件:Spring Security REST授权

<http use-expressions="true" create-session="stateless" entry-point-ref="restAuthenticationEntryPoint">   
     <intercept-url pattern="/auth/**" access="permitAll" /> 
     <intercept-url pattern="/**" access="isAuthenticated()" />  
     <custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/> 
     <logout />    
    </http> 

    <beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
      <beans:property name="authenticationManager" ref="authenticationManager"/> 
      <beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/> 
    </beans:bean> 
    <beans:bean id="mySuccessHandler" class="com.teamodc.jee.webmail.security.MySavedRequestAwareAuthenticationSuccessHandler"/> 


    <authentication-manager alias="authenticationManager"> 
     <authentication-provider user-service-ref="userDetailsService" /> 
     <authentication-provider ref="authenticationProvider" /> 
    </authentication-manager> 

    <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
     <beans:property name="userDetailsService" ref="userDetailsService"/> 
    </beans:bean>

这是我AuthenticationController:

@Controller 
@RequestMapping(value = "/auth") 
public class AuthorizationController { 

    @Autowired 
    @Qualifier(value = "authenticationManager") 
    AuthenticationManager authenticationManager; 

    private SimpleGrantedAuthority anonymousRole = new SimpleGrantedAuthority("ROLE_ANONYMOUS"); 

    @RequestMapping(value = "/login", method = RequestMethod.POST, headers = {"Accept=application/json"}) 
    @ResponseBody 
    public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) { 
     Map<String, String> response = new HashMap<String, String>(); 


      UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password); 

      try { 
       Authentication auth = authenticationManager.authenticate(token); 
       SecurityContextHolder.getContext().setAuthentication(auth); 

       response.put("status", "true");    
       return response; 
      } catch (BadCredentialsException ex) { 
       System.out.println("Login 3"); 
       response.put("status", "false"); 
       response.put("error", "Bad credentials"); 
       return response; 
      } 
     }

最后,我的web.xml:

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/spring/appServlet/servlet-context.xml 
    </param-value> 
</context-param> 

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

<servlet> 
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>/WEB-INF/spring/appServlet/dispatcher.xml</param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
</servlet> 

<servlet-mapping> 
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name> 
    <url-pattern>/</url-pattern> 
</servlet-mapping> 

<filter> 
    <filter-name>charsetFilter</filter-name> 
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
    <init-param> 
     <param-name>encoding</param-name> 
     <param-value>UTF-8</param-value> 
    </init-param> 
    <init-param> 
     <param-name>forceEncoding</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>charsetFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping>

我已经从Firefox休息客户端进行了测试,但是当我设置的URL是bla/user/1然后它花了我401(这是正确的),但是当URL是bla/auth /登录它花了我404,并且返回WARN [org.springframework.web.servlet.PageNotFound] - 但是当我在@Controller中标记路径时可能如何?

来源

2013-03-25 Maximus

回答

1

您的login()方法似乎映射到/auth/auth/login。方法级别@RequestMapping注释中给出的路径与类级别注释相关。

尝试将方法级别注释更改为@RequestMapping(value = "/login"...

编辑:
如果这仅仅是一个错字,你仍然有处理程序映射的问题,然后确保你在你的Spring上下文中的相应说明:为了

  1. <context:component-scan base-package="package.for.controllers"/>到让你的控制器实例化为spring beans。
  2. <mvc:annotation-driven/>为了支持@RequestMapping带注释的控制器方法。有关更多信息,请参阅reference docs

此外,请确保它们实际上处于相同的上下文中(通常在servlet上下文中)。

来源

2013-03-26 09:46:56 zagyi

+0

不,这是一个错误,当我复制粘贴到这里。我的问题仍然存在。 – Maximus 2013-03-26 11:54:37

+0

Thanx,我检查了我的软件包,它的名字是错误的。现在我有400个错误的请求。 – Maximus 2013-03-26 13:25:27

+0

无论如何,HTTP 400(错误请求)通常是由缺少的请求参数引起的。检查是否按照处理程序方法的要求发布'login'和'password'。在'org.springframework.web.method.HandlerMethod'上启用跟踪级别日志记录来查看是否真的是问题的原因。 – zagyi 2013-03-26 15:34:48

相关问题

 相关问题