Java 使用Spring Security+;休息+;JSON
我想使用RESTSpringController通过JSON格式验证使用SpringSecurity的用户 休息控制器Java 使用Spring Security+;休息+;JSON,java,json,spring,rest,spring-security,Java,Json,Spring,Rest,Spring Security,我想使用RESTSpringController通过JSON格式验证使用SpringSecurity的用户 休息控制器 @RestController @RequestMapping("/rest/api/login") public class UserRestController { @Autowired @Qualifier(value = "authenticationManager") private AuthenticationManager authent
@RestController
@RequestMapping("/rest/api/login")
public class UserRestController {
@Autowired
@Qualifier(value = "authenticationManager")
private AuthenticationManager authenticationManager;
@RequestMapping(method = RequestMethod.POST, headers = {"Accept=application/json"})
public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) {
Map<String, String> response = new HashMap<String, String>();
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
try {
Authentication auth = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(auth);
response.put("status", "true");
return response;
} catch (BadCredentialsException ex) {
response.put("status", "false");
return response;
}
}}
我想在移动应用程序Android中使用此服务。可能的重复不是重复,这一个询问如何使用标准方法,另一个询问如何定制。如果不强制使用JSON,您可以使用。如果您使用邮递员,您可以选择表单数据并包括“用户名”和“密码”字段。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/welcome" access="isAnonymous()" />
<intercept-url pattern="/login" access="isAnonymous()" />
<intercept-url pattern="/logout" access="isAnonymous()" />
<intercept-url pattern="/listUsers" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/userInfo"
access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/other/**" access="isAuthenticated()" />
<access-denied-handler error-page="/403" />
<form-login login-page='/' login-processing-url="/j_spring_security_check"
default-target-url="/" always-use-default-target="false"
authentication-failure-url="/login?error=true" username-parameter="login"
password-parameter="password" />
<logout logout-url="/logout" logout-success-url="/logoutSuccessful"
delete-cookies="JSESSIONID" invalidate-session="true" />
</http>
<authentication-manager alias="authenticationManager">
<!-- authentication from database -->
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select login, password, enabled from users where login=?"
authorities-by-username-query="select login, role from users where login=?" />
</authentication-provider>
</authentication-manager>
</beans:beans>
{"login":"a","password":"a"}