使用GET的springrest授权
我正在使用REST“登录”函数对服务器进行验证。验证成功,但当我尝试使用登录函数生成的“x-auth-token”访问URL时,我得到了未经授权的HTTP 401。我做错了什么使用GET的springrest授权,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我正在使用REST“登录”函数对服务器进行验证。验证成功,但当我尝试使用登录函数生成的“x-auth-token”访问URL时,我得到了未经授权的HTTP 401。我做错了什么 @RequestMapping(value = "login", method = GET) public String login(@RequestParam("user") String username, @RequestParam("password") String p
@RequestMapping(value = "login", method = GET)
public String login(@RequestParam("user") String username,
@RequestParam("password") String password,
@RequestParam("customerId") String customerId,
HttpServletRequest req) throws Exception
{
// Force session creation so it's available to Spring Security post processor filter
req.getSession(true);
// Authenticate using AuthenticationManager configured on SecurityContext
AuthenticationManager authMgr = securityConfig.authenticationManagerBean();
UsernamePasswordAuthenticationToken authReq = new UsernamePasswordAuthenticationToken(username, password);
authReq.setDetails(authenticationDetailsSource.buildDetails(req));
Authentication authResp = authMgr.authenticate(authReq);
// If successful add the authentication response to context so the post processor filter can save it to session
SecurityContextHolder.getContext().setAuthentication(authResp);
return "LOGIN OK";
}
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Override
public void configure(WebSecurity web) throws Exception
{
web.ignoring().antMatchers("/session/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception
{
http.authorizeRequests().anyRequest().authenticated().and().requestCache().requestCache(new NullRequestCache()).and().httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
auth.authenticationProvider(customAuthenticationProvider);
}
}
你是如何设置你的安全配置的?你想访问哪个URL?