Maven 在simple Spring webservice演示中禁止访问指定的资源
我用RESTWebService创建了简单的spring安全演示。 我花了很多时间在这上面。需要关于RESTWebService最新版本的简单工作spring安全性的强指针。 我的控制器是Maven 在simple Spring webservice演示中禁止访问指定的资源,maven,spring-mvc,spring-security,spring-ws,Maven,Spring Mvc,Spring Security,Spring Ws,我用RESTWebService创建了简单的spring安全演示。 我花了很多时间在这上面。需要关于RESTWebService最新版本的简单工作spring安全性的强指针。 我的控制器是 @Controller public class RestContoller { @RequestMapping(value = "/countryJSONProduce", method = RequestMethod.GET) public ResponseEntity<Countr
@Controller
public class RestContoller {
@RequestMapping(value = "/countryJSONProduce", method = RequestMethod.GET)
public ResponseEntity<CountryDetail> getCountryJSON() {
CountryDetail countryDetail = new CountryDetail("Values");
ResponseEntity<CountryDetail> rentity = new ResponseEntity<CountryDetail>(countryDetail, HttpStatus.OK);
return rentity;
}
@RequestMapping(value = "/countryJSONConsume", consumes = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
public String consumeJSON(@RequestBody CountryDetail countryDetail) {
System.out.println("Country Detail Example");
return "home";
}
}
web.xml is
<servlet>
<servlet-name>springrest</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>springrest</servlet-name>
<url-pattern>/hello/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml
/WEB-INF/springrest-servlet.xml
</param-value>
</context-param>
my pom.xml is
<properties>
<spring.version>4.1.0.RELEASE</spring.version>
<springsecurity.version>4.0.2.RELEASE</springsecurity.version>
</properties>
<dependencies>
<!-- for Jsp use -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<!-- Spring mvc and Core -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- Spring mvc and Core -->
<!-- JSON Response Spring Framework 4.1, the minimum jackson version should
be 2.1 -->
<!-- Compatiable Spring Framework 4.1 -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.5.3</version>
</dependency>
<!-- Spring Authentication Start -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<!-- Spring Authentication End -->
</dependencies>
When I Run the code sometimes it shows popup in my Eclipse Mars INTENAL
browser for user and password.when i put my credentials it will goes to
localhost:8080/SpringMavenRest2/ welcome page ok.when I hit the
url localhost:8080/SpringMavenRest2/hello/countryJSONProduce
which is calling my first service.. it is showing the Error :Access to
the specified resource has been forbidden.403
Even I put user name and
password as basic auth.Now I am testing this second url FROM CHROME
POSTMAN CLIENT.
I am using this configuration Java 1.8 ,Tomcat 8.0
spring.version4.1.0.RELEASE ,springsecurity.version 4.0.2.RELEASE.
and maven 3.3
Its
working well without authentication.Could you give any best referenced demo
for spring security with basic authentication. I have refered this also
http://www.mkyong.com/spring-security/spring-security-hello-world-example/
@控制器
公共类重新控制程序{
@RequestMapping(value=“/countryJSONPRODUCT”,method=RequestMethod.GET)
公共响应getCountryJSON(){
CountryDetail CountryDetail=新的CountryDetail(“值”);
ResponseEntity Renty=新的ResponseEntity(countryDetail,HttpStatus.OK);
回报租金;
}
@RequestMapping(value=“/countryJSONConsume”,consumes=MediaType.APPLICATION\u JSON\u value,method=RequestMethod.POST)
公共字符串consumerJSON(@RequestBody CountryDetail CountryDetail){
System.out.println(“国家详细信息示例”);
返回“家”;
}
}
xml是
弹簧座
org.springframework.web.servlet.DispatcherServlet
弹簧座
/你好/*
org.springframework.web.context.ContextLoaderListener
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
上下文配置位置
/WEB-INF/spring-security.xml
/WEB-INF/springrest-servlet.xml
我的pom.xml是
4.1.0.1发布
4.0.2.1发布
javax.servlet
javax.servlet-api
3.1.0
org.springframework
spring上下文
${spring.version}
org.springframework
SpringWebMVC
${spring.version}
com.fasterxml.jackson.core
杰克逊数据绑定
2.5.3
org.springframework.security
spring安全网
${springsecurity.version}
org.springframework.security
spring安全配置
${springsecurity.version}
当我运行代码时,有时它会在Eclipse中显示弹出窗口
用户和密码的浏览器。当我放置凭据时,它将转到
localhost:8080/SpringMavenRest2/wellcomepage好的
url localhost:8080/SpringMavenRest2/hello/countryjsonproduct
这是我的第一次服务。。它显示错误:访问
指定的资源已被禁止。403
甚至我把用户名和
密码作为基本身份验证。现在我正在测试来自CHROME的第二个url
邮递员客户。
我使用的配置是Java1.8,Tomcat8.0
spring.version4.1.0.RELEASE,springsecurity.version4.0.2.RELEASE。
和maven 3.3
它的
在没有身份验证的情况下运行良好。您能提供任何最佳的参考演示吗
用于具有基本身份验证的spring安全性。我也提到过这个
http://www.mkyong.com/spring-security/spring-security-hello-world-example/
试试这个:
<security:intercept-url pattern="/hello/**" access="hasRole('ROLE_USER'') "/>
and / or
<security:intercept-url pattern="/**" access="hasAnyRole('IS_AUTHENTICATED_ANONYMOUSLY','ROLE_USER')"/>
和/或
my spring-security.xml非常感谢,我尝试了第一个选项。它可以工作。您能提供任何基本安全阅读的链接吗