Spring Security 3 RestTemplate发布到j_Spring_Security_check
我正在使用带REST端点的SpringSecurity3。我设法让一个基本的春季安全工作 security-context.xml的一部分Spring Security 3 RestTemplate发布到j_Spring_Security_check,spring,rest,spring-security,resttemplate,Spring,Rest,Spring Security,Resttemplate,我正在使用带REST端点的SpringSecurity3。我设法让一个基本的春季安全工作 security-context.xml的一部分 <security:http auto-config="true" use-expressions="true" access-denied-page="/rest/denied" > <security:intercept-url pattern="/rest/*" access="ROLE_USER"/> 让REST模板发布身份
<security:http auto-config="true" use-expressions="true" access-denied-page="/rest/denied" >
<security:intercept-url pattern="/rest/*" access="ROLE_USER"/>
让REST模板发布身份验证凭据的正确方法是什么?除了j_spring_安全检查之外,还有更好的登录/授权方式吗?信息是否在标题中
提前谢谢。这看起来像是一个复制品。不过,你可能用了错误的方法。通常,如果您发出REST请求,那么您不会同时进行身份验证—这没有任何意义—当然不会使用form POST样式的逻辑 对于REST请求的身份验证,您应该使用另一种形式的身份验证(假设这些请求是以编程方式生成的): *HTTP基本身份验证 *X.509证书 或者,如果这是通过XHR/Javascript源代码实现的,那么您应该准备好让请求失败,并将用户重定向到登录机制。通常,使用Spring安全性处理REST样式的请求与处理常规安全页面完全不同。你应该为一些复杂的事情做好准备
祝你好运 谢谢你的回复,我确实看了另一篇文章,也许我可以试着采取他们的方法。我来看看X.509,它可能工作得很好。
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database -->
<bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>
<!-- An in-memory list of users. No need to access an external database layer.
See Spring Security 3.1 Reference 5.2.1 In-Memory Authentication -->
<!-- john's password is admin, while jane;s password is user -->
<security:user-service id="userDetailsService">
<security:user name="john" password="21232f297a57a5a743894a0e4a801fc3" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="jane" password="ee11cbb19052e40b07aac0ca060c23ee" authorities="ROLE_USER" />
</security:user-service>
HttpEntity<String> entity = new HttpEntity<String>(request, headers);
HashMap<String, String> map = new HashMap<String, String>();
map.put("j_username", "john");
map.put("j_password","21232f297a57a5a743894a0e4a801fc3");
String response = restTemplate.postForObject("http://localhost:8080/rest/j_spring_security_check", map, String.class);
DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
DEBUG o.s.s.a.d.DaoAuthenticationProvider - User '' not found
DEBUG o.s.s.w.a.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials