在java中使用http头在spring security中传递基本身份验证详细信息_Java_Spring_Security_Spring Mvc_Spring Security

在java中使用http头在spring security中传递基本身份验证详细信息

java spring security spring-mvc spring-security

在java中使用http头在spring security中传递基本身份验证详细信息,java,spring,security,spring-mvc,spring-security,Java,Spring,Security,Spring Mvc,Spring Security,我正在restful web服务中实现spring安全性。我正在使用http基本身份验证，现在当我尝试访问我的服务时，会出现一个windows安全对话，询问用户名和密码，现在我想通过http头传递用户名和密码，这样我就不需要在安全对话中专门输入详细信息。我的安全配置文件看起来像- <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springfram

我正在restful web服务中实现spring安全性。我正在使用http基本身份验证，现在当我尝试访问我的服务时，会出现一个windows安全对话，询问用户名和密码，现在我想通过http头传递用户名和密码，这样我就不需要在安全对话中专门输入详细信息。我的安全配置文件看起来像-

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true" create-session="stateless">
        <intercept-url pattern="/**" access="ROLE_USER" />
        <http-basic />
    </http>

    <authentication-manager>
      <authentication-provider>
       <!--  <user-service>
        <user name="yoman" password="123456" authorities="ROLE_USER" />
        </user-service> -->
        <jdbc-user-service data-source-ref="dataSource"

           users-by-username-query="
              select username,password, enabled 
              from users where username=?" 

           authorities-by-username-query="
              select u.username, ur.authority from users u, user_roles ur 
              where u.user_id = ur.user_id and u.username =?  " 

        />
      </authentication-provider>
    </authentication-manager>

</beans:beans>

但每次当我访问该服务时，都会询问用户名和密码

我做错了什么？正确的方法是什么。我将非常感谢您提供的任何帮助。

您可以与一起使用。构建CommonHttpClientFactory 并将其作为构造函数参数注入resttemplate，您就可以开始了

context.xml

 <bean id="webServiceClient" class="com.webserviceclient.Client">
        <constructor-arg ref="restTemplate"/>
        <constructor-arg ref="credentials"/>
    </bean>

    <bean id="httpClientParams" class="org.apache.commons.httpclient.params.HttpClientParams">
        <property name="authenticationPreemptive" value="true"/>
        <property name="connectionManagerClass"
                  value="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
    </bean>
    <bean id="httpClient" class="org.apache.commons.httpclient.HttpClient">
        <constructor-arg ref="httpClientParams"/>
    </bean>
    <bean id="credentials" class="org.apache.commons.httpclient.UsernamePasswordCredentials">
        <constructor-arg><value>${webservice.username}</value></constructor-arg>
        <constructor-arg><value>${webservice.password}</value></constructor-arg>
    </bean>
    <bean id="httpClientFactory" class="org.springframework.http.client.CommonsClientHttpRequestFactory">
        <constructor-arg ref="httpClient"/>
    </bean>

    <bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
        <constructor-arg ref="httpClientFactory"/>

        <property name="messageConverters">
            <list>
                <bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
                </bean>
            </list>
        </property>
    </bean>

    <bean id="jaxbMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
        <property name="classesToBeBound">
            <list>
                <value>your classes</value>
            </list>
        </property>
    </bean>


${webservice.username}
${webservice.password}
你的班级

Client.java

public class Client {

    private final RestTemplate restTemplate;
    private final Credentials credentials;


    public Client(RestTemplate restTemplate, Credentials credentials) {
        this.restTemplate = restTemplate;
        this.credentials = credentials;
        CommonsClientHttpRequestFactory factory = (CommonsClientHttpRequestFactory) restTemplate.getRequestFactory();
        HttpClient client = factory.getHttpClient();
        client.getState().setCredentials(AuthScope.ANY, this.credentials);
    }
    //consuming websevice
    public <yourObject> get(String url)
    {
      return restTemplate.getForObject(url, <yourObject>.class);
    }

}

公共类客户端{
私有最终RestTemplate RestTemplate；
私人最终证书；
公共客户端（RestTemplate RestTemplate、凭据）{
this.restTemplate=restTemplate；
this.credentials=凭证；
CommonClientHttPrequestFactory=（CommonClientHttPrequestFactory）restTemplate.getRequestFactory（）；
HttpClient=factory.getHttpClient（）；
client.getState（）.setCredentials（AuthScope.ANY，this.credentials）；
}
//消费网络设备
公共获取（字符串url）
{
返回restemplate.getForObject（url，.class）；
}
}

干杯。

您是否使用base64编码“用户名：密码”？它应该是base64编码的。是的，我在这里将用户名和密码编码为base64。问题只是编码，一旦编码完成，就正确了。

public class Client {

    private final RestTemplate restTemplate;
    private final Credentials credentials;


    public Client(RestTemplate restTemplate, Credentials credentials) {
        this.restTemplate = restTemplate;
        this.credentials = credentials;
        CommonsClientHttpRequestFactory factory = (CommonsClientHttpRequestFactory) restTemplate.getRequestFactory();
        HttpClient client = factory.getHttpClient();
        client.getState().setCredentials(AuthScope.ANY, this.credentials);
    }
    //consuming websevice
    public <yourObject> get(String url)
    {
      return restTemplate.getForObject(url, <yourObject>.class);
    }

}