Java restfulweb服务中的身份验证
下面是我的web.xml文件,其中包含web服务的身份验证Java restfulweb服务中的身份验证,java,web-services,jax-rs,restful-authentication,Java,Web Services,Jax Rs,Restful Authentication,下面是我的web.xml文件,其中包含web服务的身份验证 <sec:authentication-manager> <sec:authentication-provider> <sec:user-service id="userService"> <sec:user name="admin" password="admin" authorities="admin" />
<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service id="userService">
<sec:user name="admin" password="admin" authorities="admin" />
<sec:user name="report" password="report" authorities="customer" />
<sec:user name="johndoe" password="password" authorities="customer, admin" />
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>
<sec:http create-session="stateless" use-expressions="true" path-type="regex">
<sec:intercept-url pattern="/services.*" access="permitAll" />
<sec:intercept-url pattern="/services/fichier.*" access="hasRole('customer')" />
<sec:intercept-url pattern="/services.*" access="hasRole('admin')" />
<sec:http-basic />
</sec:http>
现在我的URL是-http://localhost:8080/AutoFIE2Web/services/fichier/downloadFile/ffffff.jpg?fileId=5
我使用了report
user,它给了我访问被拒绝的异常,但它确实适用于其他两个用户-admin
,johndoe
此身份验证有什么问题
谢谢
删除
permitAll
访问权限后,它工作正常。只需尝试将@PreAuthorize(“hasRole('customer')”)
替换为@PreAuthorize(“hasAuthority('customer')”)
然后尝试将行
移到行的上方
@PreAuthorize("hasRole('customer')")
@GET
@Path("/downloadFile/{fileName}/")
public String downloadFile(@PathParam("fileName") String fileName, @QueryParam("fileId") Integer fileId)
{
return "blah blah blah"
}
<sec:http create-session="stateless" use-expressions="true" path-type="regex">
<!-- <sec:intercept-url pattern="/services.*" access="permitAll" /> -->
<sec:intercept-url pattern="/services/fichier.*" access="hasRole('customer')" />
<sec:intercept-url pattern="/services.*" access="hasRole('admin')" />
<sec:http-basic />
</sec:http>