Java Spring Security REST 授权
我想知道如何通过 Spring Security 以 REST/JSON 方式登录。我正在为 Android/iOS 编写后端。这是我的 security.xml:
<!-- Spring Security namespace configuration for the REST back end. -->
<!-- create-session="stateless": Spring Security neither creates an HttpSession nor uses one to
     store the SecurityContext, so an Authentication set during one request is not carried over
     to the next request.
     NOTE(review): the login controller on this page only sets the SecurityContext and returns a
     status flag; confirm what credential (token, HTTP Basic, ...) clients present on later calls. -->
<!-- entry-point-ref: unauthenticated requests are handed to the restAuthenticationEntryPoint
     bean, which is referenced here but not defined in this fragment. -->
<http use-expressions="true" create-session="stateless" entry-point-ref="restAuthenticationEntryPoint">
<!-- Everything under /auth/ is reachable without authentication; the login endpoint lives here.
     Keep this prefix limited to endpoints that are meant to be public. -->
<intercept-url pattern="/auth/**" access="permitAll" />
<!-- Every other URL requires an authenticated caller. -->
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- Installs myFilter in the form-login slot of the filter chain.
     NOTE(review): this filter and the /auth/login controller are two separate login paths;
     confirm which one is intended and remove the other. -->
<custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/>
<logout />
</http>
<!-- Stock username/password filter wired to the shared authentication manager and a project
     success handler (class not shown on this page). -->
<beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
</beans:bean>
<beans:bean id="mySuccessHandler" class="com.teamodc.jee.webmail.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
<!-- Two providers are registered and both are backed by the same userDetailsService, so the
     second one duplicates the first.
     NOTE(review): neither provider declares a password encoder. Confirm that stored passwords
     are hashed with an adaptive algorithm such as bcrypt and that a matching encoder is
     configured; older Spring Security versions compare plaintext when none is set. -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsService" />
<authentication-provider ref="authenticationProvider" />
</authentication-manager>
<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
@Controller
@RequestMapping(value = "/auth")
public class AuthorizationController {
@Autowired
@Qualifier(value = "authenticationManager")
AuthenticationManager authenticationManager;
private SimpleGrantedAuthority anonymousRole = new SimpleGrantedAuthority("ROLE_ANONYMOUS");
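/**
 * Authenticates a client from the {@code login} and {@code password} request parameters and
 * reports the outcome as a small JSON map.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The security configuration shown with this controller is stateless, so the
 *       Authentication stored in the SecurityContext below is only visible for the current
 *       request. No token or session is returned to the client here; confirm how later
 *       requests are expected to prove identity.</li>
 *   <li>{@code @RequestParam} also binds query-string values. Clients should send the
 *       credentials in the POST body over TLS so they do not end up in URLs or access logs.</li>
 * </ul>
 *
 * @param username value of the {@code login} request parameter
 * @param password value of the {@code password} request parameter
 * @return a map with {@code status} set to {@code "true"} on success, or {@code "false"} plus
 *     a generic {@code error} message when authentication fails for any reason
 */
@RequestMapping(value = "/login", method = RequestMethod.POST, headers = {"Accept=application/json"})
@ResponseBody
public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) {
    Map<String, String> response = new HashMap<String, String>();
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
    try {
        Authentication auth = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(auth);
        response.put("status", "true");
    } catch (org.springframework.security.core.AuthenticationException ex) {
        // Catch the common base type rather than only BadCredentialsException: locked, disabled
        // or expired accounts then get the same generic answer as a wrong password, so the
        // response does not reveal the state of an account to an unauthenticated caller.
        // The fully qualified name avoids needing a new import in this file.
        response.put("status", "false");
        response.put("error", "Bad credentials");
    }
    return response;
}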
<!-- Root application context loaded by ContextLoaderListener. -->
<!-- NOTE(review): DelegatingFilterProxy (below) looks up the springSecurityFilterChain bean in
     this root context. security.xml is not listed here, so confirm that servlet-context.xml
     imports it; otherwise the security filter chain bean will not be found. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- DispatcherServlet with its own child context (dispatcher.xml), mapped to "/".
     Controllers must be component-scanned in a context this servlet can see. -->
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/dispatcher.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Forces UTF-8 on every request. Its filter-mapping is declared before the security
     filter's mapping, so it runs ahead of Spring Security in the chain. -->
<filter>
<filter-name>charsetFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charsetFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security hook: every request (/*) is delegated to the springSecurityFilterChain bean. -->
<!-- NOTE(review): no transport guarantee is declared in this fragment and passwords are POSTed
     to /auth/login; confirm that HTTPS is enforced, either here or at a fronting proxy. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这是我的身份验证控制器:
<!-- Spring Security namespace configuration for the REST back end. -->
<!-- create-session="stateless": Spring Security neither creates an HttpSession nor uses one to
     store the SecurityContext, so an Authentication set during one request is not carried over
     to the next request.
     NOTE(review): the login controller on this page only sets the SecurityContext and returns a
     status flag; confirm what credential (token, HTTP Basic, ...) clients present on later calls. -->
<!-- entry-point-ref: unauthenticated requests are handed to the restAuthenticationEntryPoint
     bean, which is referenced here but not defined in this fragment. -->
<http use-expressions="true" create-session="stateless" entry-point-ref="restAuthenticationEntryPoint">
<!-- Everything under /auth/ is reachable without authentication; the login endpoint lives here.
     Keep this prefix limited to endpoints that are meant to be public. -->
<intercept-url pattern="/auth/**" access="permitAll" />
<!-- Every other URL requires an authenticated caller. -->
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- Installs myFilter in the form-login slot of the filter chain.
     NOTE(review): this filter and the /auth/login controller are two separate login paths;
     confirm which one is intended and remove the other. -->
<custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/>
<logout />
</http>
<!-- Stock username/password filter wired to the shared authentication manager and a project
     success handler (class not shown on this page). -->
<beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
</beans:bean>
<beans:bean id="mySuccessHandler" class="com.teamodc.jee.webmail.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
<!-- Two providers are registered and both are backed by the same userDetailsService, so the
     second one duplicates the first.
     NOTE(review): neither provider declares a password encoder. Confirm that stored passwords
     are hashed with an adaptive algorithm such as bcrypt and that a matching encoder is
     configured; older Spring Security versions compare plaintext when none is set. -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsService" />
<authentication-provider ref="authenticationProvider" />
</authentication-manager>
<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
@Controller
@RequestMapping(value = "/auth")
public class AuthorizationController {
@Autowired
@Qualifier(value = "authenticationManager")
AuthenticationManager authenticationManager;
private SimpleGrantedAuthority anonymousRole = new SimpleGrantedAuthority("ROLE_ANONYMOUS");
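/**
 * Authenticates a client from the {@code login} and {@code password} request parameters and
 * reports the outcome as a small JSON map.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The security configuration shown with this controller is stateless, so the
 *       Authentication stored in the SecurityContext below is only visible for the current
 *       request. No token or session is returned to the client here; confirm how later
 *       requests are expected to prove identity.</li>
 *   <li>{@code @RequestParam} also binds query-string values. Clients should send the
 *       credentials in the POST body over TLS so they do not end up in URLs or access logs.</li>
 * </ul>
 *
 * @param username value of the {@code login} request parameter
 * @param password value of the {@code password} request parameter
 * @return a map with {@code status} set to {@code "true"} on success, or {@code "false"} plus
 *     a generic {@code error} message when authentication fails for any reason
 */
@RequestMapping(value = "/login", method = RequestMethod.POST, headers = {"Accept=application/json"})
@ResponseBody
public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) {
    Map<String, String> response = new HashMap<String, String>();
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
    try {
        Authentication auth = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(auth);
        response.put("status", "true");
    } catch (org.springframework.security.core.AuthenticationException ex) {
        // Catch the common base type rather than only BadCredentialsException: locked, disabled
        // or expired accounts then get the same generic answer as a wrong password, so the
        // response does not reveal the state of an account to an unauthenticated caller.
        // The fully qualified name avoids needing a new import in this file.
        response.put("status", "false");
        response.put("error", "Bad credentials");
    }
    return response;
}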
<!-- Root application context loaded by ContextLoaderListener. -->
<!-- NOTE(review): DelegatingFilterProxy (below) looks up the springSecurityFilterChain bean in
     this root context. security.xml is not listed here, so confirm that servlet-context.xml
     imports it; otherwise the security filter chain bean will not be found. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- DispatcherServlet with its own child context (dispatcher.xml), mapped to "/".
     Controllers must be component-scanned in a context this servlet can see. -->
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/dispatcher.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Forces UTF-8 on every request. Its filter-mapping is declared before the security
     filter's mapping, so it runs ahead of Spring Security in the chain. -->
<filter>
<filter-name>charsetFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charsetFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security hook: every request (/*) is delegated to the springSecurityFilterChain bean. -->
<!-- NOTE(review): no transport guarantee is declared in this fragment and passwords are POSTed
     to /auth/login; confirm that HTTPS is enforced, either here or at a fronting proxy. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
@控制器
@请求映射(value=“/auth”)
公共类授权控制器{
@自动连线
@限定符(value=“authenticationManager”)
AuthenticationManager AuthenticationManager;
私有SimpleGrantedAuthority anonymousRole=新SimpleGrantedAuthority(“ROLE_ANONYMOUS”);
@RequestMapping(value=“/login”,method=RequestMethod.POST,headers={“Accept=application/json”})
@应答器
公共地图登录(@RequestParam(“登录”)字符串用户名,@RequestParam(“密码”)字符串密码){
Map response=newhashmap();
UsernamePasswordAuthenticationToken=新的UsernamePasswordAuthenticationToken(用户名、密码);
试一试{
Authentication auth=authenticationManager.authenticate(令牌);
SecurityContextHolder.getContext().setAuthentication(auth);
回复。放置(“状态”、“真实”);
返回响应;
}捕获(BadCredentialsException ex){
System.out.println(“登录3”);
回复。put(“状态”、“错误”);
response.put(“错误”、“错误凭证”);
返回响应;
}
}
最后,我的web.xml:
<!-- Spring Security namespace configuration for the REST back end. -->
<!-- create-session="stateless": Spring Security neither creates an HttpSession nor uses one to
     store the SecurityContext, so an Authentication set during one request is not carried over
     to the next request.
     NOTE(review): the login controller on this page only sets the SecurityContext and returns a
     status flag; confirm what credential (token, HTTP Basic, ...) clients present on later calls. -->
<!-- entry-point-ref: unauthenticated requests are handed to the restAuthenticationEntryPoint
     bean, which is referenced here but not defined in this fragment. -->
<http use-expressions="true" create-session="stateless" entry-point-ref="restAuthenticationEntryPoint">
<!-- Everything under /auth/ is reachable without authentication; the login endpoint lives here.
     Keep this prefix limited to endpoints that are meant to be public. -->
<intercept-url pattern="/auth/**" access="permitAll" />
<!-- Every other URL requires an authenticated caller. -->
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- Installs myFilter in the form-login slot of the filter chain.
     NOTE(review): this filter and the /auth/login controller are two separate login paths;
     confirm which one is intended and remove the other. -->
<custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/>
<logout />
</http>
<!-- Stock username/password filter wired to the shared authentication manager and a project
     success handler (class not shown on this page). -->
<beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/>
</beans:bean>
<beans:bean id="mySuccessHandler" class="com.teamodc.jee.webmail.security.MySavedRequestAwareAuthenticationSuccessHandler"/>
<!-- Two providers are registered and both are backed by the same userDetailsService, so the
     second one duplicates the first.
     NOTE(review): neither provider declares a password encoder. Confirm that stored passwords
     are hashed with an adaptive algorithm such as bcrypt and that a matching encoder is
     configured; older Spring Security versions compare plaintext when none is set. -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsService" />
<authentication-provider ref="authenticationProvider" />
</authentication-manager>
<beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userDetailsService"/>
</beans:bean>
@Controller
@RequestMapping(value = "/auth")
public class AuthorizationController {
@Autowired
@Qualifier(value = "authenticationManager")
AuthenticationManager authenticationManager;
private SimpleGrantedAuthority anonymousRole = new SimpleGrantedAuthority("ROLE_ANONYMOUS");
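/**
 * Authenticates a client from the {@code login} and {@code password} request parameters and
 * reports the outcome as a small JSON map.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The security configuration shown with this controller is stateless, so the
 *       Authentication stored in the SecurityContext below is only visible for the current
 *       request. No token or session is returned to the client here; confirm how later
 *       requests are expected to prove identity.</li>
 *   <li>{@code @RequestParam} also binds query-string values. Clients should send the
 *       credentials in the POST body over TLS so they do not end up in URLs or access logs.</li>
 * </ul>
 *
 * @param username value of the {@code login} request parameter
 * @param password value of the {@code password} request parameter
 * @return a map with {@code status} set to {@code "true"} on success, or {@code "false"} plus
 *     a generic {@code error} message when authentication fails for any reason
 */
@RequestMapping(value = "/login", method = RequestMethod.POST, headers = {"Accept=application/json"})
@ResponseBody
public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) {
    Map<String, String> response = new HashMap<String, String>();
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
    try {
        Authentication auth = authenticationManager.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(auth);
        response.put("status", "true");
    } catch (org.springframework.security.core.AuthenticationException ex) {
        // Catch the common base type rather than only BadCredentialsException: locked, disabled
        // or expired accounts then get the same generic answer as a wrong password, so the
        // response does not reveal the state of an account to an unauthenticated caller.
        // The fully qualified name avoids needing a new import in this file.
        response.put("status", "false");
        response.put("error", "Bad credentials");
    }
    return response;
}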
<!-- Root application context loaded by ContextLoaderListener. -->
<!-- NOTE(review): DelegatingFilterProxy (below) looks up the springSecurityFilterChain bean in
     this root context. security.xml is not listed here, so confirm that servlet-context.xml
     imports it; otherwise the security filter chain bean will not be found. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- DispatcherServlet with its own child context (dispatcher.xml), mapped to "/".
     Controllers must be component-scanned in a context this servlet can see. -->
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/dispatcher.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Forces UTF-8 on every request. Its filter-mapping is declared before the security
     filter's mapping, so it runs ahead of Spring Security in the chain. -->
<filter>
<filter-name>charsetFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>charsetFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security hook: every request (/*) is delegated to the springSecurityFilterChain bean. -->
<!-- NOTE(review): no transport guarantee is declared in this fragment and passwords are POSTed
     to /auth/login; confirm that HTTPS is enforced, either here or at a fronting proxy. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
上下文配置位置
/WEB-INF/spring/appServlet/servlet-context.xml
org.springframework.web.context.ContextLoaderListener
SpringMVC调度程序Servlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
/WEB-INF/spring/appServlet/dispatcher.xml
1.
SpringMVC调度程序Servlet
/
字符集过滤器
org.springframework.web.filter.CharacterEncodingFilter
编码
UTF-8
强制编码
真的
字符集过滤器
/*
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
我已经在 Firefox 的 REST 客户端上测试过:当 URL 设置为 bla/user/1 时,我得到 401(符合预期);但当 URL 设置为 bla/auth/login 时,我得到 404,并且日志输出 WARN [org.springframework.web.servlet.PageNotFound] -
但是,当我在 @Controller 中标记路径时……
您的 login() 方法似乎被映射到了 /auth/auth/login。方法级 @RequestMapping 注解中给出的路径是相对于类级注解的。
请尝试将方法级注解改为 @RequestMapping(value = "/login" …
编辑:如果这只是笔误,而处理程序映射仍然有问题,请确保 Spring 上下文中有相应的配置指令:
`<context:component-scan>`,以便将控制器实例化为 Spring bean;
`<mvc:annotation-driven>`,以支持带注解的控制器方法。有关详细信息,请参阅原回答中的链接。另外,请确保它们确实位于同一个上下文中(通常是 servlet 上下文)。
不,那只是我把代码粘贴到这里时出的错,我的问题依然存在。
谢谢,我检查了我的包,包名写错了。现在我得到的是 400 Bad Request。
HTTP 400(Bad Request)通常是由于缺少请求参数造成的。请检查是否按照处理程序方法的要求提交了 login 和 password 这两个参数。可以对 org.springframework.web.method.HandlerMethod 启用 TRACE 级别日志,以确认这是否是问题的真正原因。