Authentication 如何在实现spring安全性的情况下运行curl命令调用RESTAPI
我在Spring引导应用程序中使用Spring安全性实现了LDAP身份验证。用户凭据通过http登录表单传入。用户名在Authentication 如何在实现spring安全性的情况下运行curl命令调用RESTAPI,authentication,curl,login,spring-security,spring-boot,Authentication,Curl,Login,Spring Security,Spring Boot,我在Spring引导应用程序中使用Spring安全性实现了LDAP身份验证。用户凭据通过http登录表单传入。用户名在.userDnPatterns(“cn={0},ou=institution,ou=people”)中取为{0}。但是,如果我想用curl命令调用restapi,我应该如何从curl(或自定义html页面)传入用户名和密码?换句话说,如何将变量从POST请求传递到config类 我的WebSecurity配置类如下所示: @Configuration @EnableWebSecu
.userDnPatterns(“cn={0},ou=institution,ou=people”){0}@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.formLogin();
}
@Configuration
protected static class AuthenticationConfiguration extends
GlobalAuthenticationConfigurerAdapter {
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource("ldap://ldap.xxx.edu:389/dc=mdanderson,dc=edu");
contextSource.setUserDn("cn=ris_flow,ou=service accounts,ou=institution,ou=service accounts,dc=mdanderson,dc=edu");
contextSource.setPassword("xxxyyyzzz");
contextSource.afterPropertiesSet();
LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthenticationProviderConfigurer = auth.ldapAuthentication();
ldapAuthenticationProviderConfigurer
.userDnPatterns("cn={0},ou=institution,ou=people")
.userSearchBase("")
.contextSource(contextSource);
}
}
}
-v* Hostname was NOT found in DNS cache
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /ristore/foundation/TRF134936 HTTP/1.1
> User-Agent: curl/7.37.1
> Host: localhost:8080
> Accept: */*
> Content-Length: 35
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 35 out of 35 bytes
< HTTP/1.1 302 Found
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Set-Cookie: JSESSIONID=FE8C94FC8B445A2C8AA1FCFBB5F2826D; Path=/; HttpOnly
< Location: http://localhost:8080/login
< Content-Length: 0
< Date: Wed, 27 Apr 2016 02:19:43 GMT
<
* Connection #0 to host localhost left intact
男人卷发POSTusernamepasswordcurl-X POST-c cookies'http://:/login'-d'username=&password='
将允许您发送凭据,并使用
-c cookiesuserDnPatterns=(“cn={0},ou=institution,ou=people”)中将用户名插入为{0}
!我猜密码也会按原样处理?我想知道如果我在配置中显式地处理密码,它将是{1}
,对吗?是的!您不必使用占位符来定义它。如果您正确配置了spring security ldap,并且它确实可以通过浏览器工作,那么它也可以通过curl
工作。Spring将使用传递的密码对您的LDAP服务器执行第二个绑定。当我的Rest API通过LDAP身份验证进行保护时,如何使用curl
执行get请求?这里可能只有一条注释:如果您想使用Rest API,我不会使用表单登录,而是使用基本身份验证或OAuth。@daniel.eichsten同意。表单登录只是我想测试ldap身份验证的东西。肯定会为RESTAPI创建html登录页面
* Hostname was NOT found in DNS cache
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /ristore/foundation/TRF134936 HTTP/1.1
> User-Agent: curl/7.37.1
> Host: localhost:8080
> Accept: */*
> Content-Length: 35
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 35 out of 35 bytes
< HTTP/1.1 302 Found
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Set-Cookie: JSESSIONID=FE8C94FC8B445A2C8AA1FCFBB5F2826D; Path=/; HttpOnly
< Location: http://localhost:8080/login
< Content-Length: 0
< Date: Wed, 27 Apr 2016 02:19:43 GMT
<
* Connection #0 to host localhost left intact
curl -X POST -c cookies 'http://<host>:<port>/login' -d'username=<usernam>&password=<password>'