Spring Security: exception while saving the SecurityContext to the SecurityContextRepository
I've started using Spring Security to protect some of my RESTful server resources. My client uses ajax (jQuery Ajax) for requests, and I started by implementing the login functionality.

My Jersey web layer includes the following:
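
    import javax.inject.Inject;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.ws.rs.GET;
    import javax.ws.rs.POST;
    import javax.ws.rs.Path;
    import javax.ws.rs.Produces;
    import javax.ws.rs.QueryParam;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.MediaType;

    import org.springframework.beans.factory.annotation.Qualifier;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContext;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.web.authentication.RememberMeServices;
    import org.springframework.security.web.context.SecurityContextRepository;
    import org.springframework.stereotype.Component;

    // ServiceResourceProvider, ILogger and LogManager are the poster's own classes (not shown).
    @Path("/login")
    @Component
    public class LoginResourceProvider extends ServiceResourceProvider {

        /*--- Static ---*/
        private final static ILogger logger = LogManager.getLogger(LoginResourceProvider.class);

        /*--- Members ---*/
        @Inject
        @Qualifier("authenticationManager")
        protected AuthenticationManager authenticationManager;

        @Inject
        protected SecurityContextRepository repository;

        @Inject
        protected RememberMeServices rememberMeServices;

        /*--- Constructors ---*/
        public LoginResourceProvider() {
            super("Login");
        }

        /*--- Public Methods ---*/
        @GET
        public void login() {
        }

        /**
         * A user login attempt
         *
         * @param username
         *            The user name
         * @param password
         *            The password of the given user name
         * @param request
         * @param response
         * @return A JSON string, indicating if the login is successful
         */
        @POST
        @Produces(MediaType.APPLICATION_JSON)
        public String performLogin(@QueryParam("j_username") String username, @QueryParam("j_password") String password,
                @Context HttpServletRequest request, @Context HttpServletResponse response) {
            // Create a token
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
            SecurityContext securityContext = SecurityContextHolder.getContext();
            try {
                // Attempting to authenticate the user
                Authentication auth = authenticationManager.authenticate(token);
                // Updating the SecurityContext, which represents the user's
                // secured, authenticated session
                securityContext.setAuthentication(auth);
                // Storing the security context in the HttpSession between requests
                repository.saveContext(securityContext, request, response);
                // If the user authenticates successfully then the authentication
                // object is passed to the remember-me service
                rememberMeServices.loginSuccess(request, response, auth);
                // Successfully authenticated
                return "{\"status\": true}";
            } catch (BadCredentialsException ex) {
                // Bad Credentials
                return "{\"status\": false, \"error\": \"Bad Credentials\"}";
            }
        }
    }
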
My security-context.xml is currently very basic, just enough to test my login process:

    <http use-expressions="true">
        <form-login />
        <remember-me />
        <!-- Patterns are matched in order and the first match wins, so the specific rule comes first -->
        <intercept-url pattern="/secured/**" access="isAuthenticated()" />
        <intercept-url pattern="/**" access="permitAll" />
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="bob" password="bobspassword" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

Thanks for your help.

OK, I think I've got it.

As required, authentication is done using the following steps:
$Proxy31 cannot be cast to org.springframework.security.web.context.SaveContextOnUpdateOrErrorResponseWrapper
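
The cast failure named in the error message above can be reproduced with plain JDK classes. This is an added example, not code from the original post or from Spring Security: `Response` and `SaveContextWrapper` are constructed stand-ins for `HttpServletResponse` and `SaveContextOnUpdateOrErrorResponseWrapper`, and it assumes the response handed to `saveContext` was a dynamic proxy, as the `$Proxy31` class name indicates.

```java
import java.lang.reflect.Proxy;

public class ProxyCastDemo {
    // Constructed stand-in for HttpServletResponse, reduced to one method.
    interface Response { void setStatus(int code); }

    // Constructed stand-in for the concrete wrapper named in the error message.
    static class SaveContextWrapper implements Response {
        boolean contextSaved;
        public void setStatus(int code) { }
        void saveContext() { contextSaved = true; }
    }

    // A save routine that casts unconditionally to the concrete wrapper type.
    static String save(Response response) {
        try {
            ((SaveContextWrapper) response).saveContext();
            return "saved";
        } catch (ClassCastException e) {
            return "ClassCastException for " + response.getClass().getSimpleName();
        }
    }

    // Defensive variant: test the runtime type and report failure instead of throwing.
    static boolean saveIfWrapped(Response response) {
        if (response instanceof SaveContextWrapper) {
            ((SaveContextWrapper) response).saveContext();
            return true;
        }
        return false;
    }

    public static void main(String[] args) {
        SaveContextWrapper real = new SaveContextWrapper();
        // Dynamic proxy that implements only the interface and forwards calls to 'real'.
        Response injected = (Response) Proxy.newProxyInstance(
                Response.class.getClassLoader(), new Class<?>[] { Response.class },
                (proxy, method, methodArgs) -> method.invoke(real, methodArgs));

        // The proxy is a Response but not a SaveContextWrapper, so the cast fails.
        System.out.println(save(injected));
        System.out.println(saveIfWrapped(injected));
        // The wrapper object itself passes the cast and records the save.
        System.out.println(save(real));
        System.out.println(real.contextSaved);
    }
}
```

The proxy forwards every interface call correctly, so the mismatch only surfaces where code requires the concrete class rather than the interface.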