Spring身份验证REST服务以编程方式
我正在使用Spring3开发一个API。我希望所有用户在执行请求时都能登录,因此我尝试实现基本的HTTP身份验证。我不想使用XML(大多数文档都使用XML) 服务器当前会对每个请求进行回复,而我的web浏览器不会要求我进行身份验证。我哪里做错了 我搜索了很多网站,以下是我目前得到的信息: 应用程序类别:Spring身份验证REST服务以编程方式,spring,spring-security,basic-authentication,Spring,Spring Security,Basic Authentication,我正在使用Spring3开发一个API。我希望所有用户在执行请求时都能登录,因此我尝试实现基本的HTTP身份验证。我不想使用XML(大多数文档都使用XML) 服务器当前会对每个请求进行回复,而我的web浏览器不会要求我进行身份验证。我哪里做错了 我搜索了很多网站,以下是我目前得到的信息: 应用程序类别: @Configuration @EnableJpaRepositories @EnableAutoConfiguration @ComponentScan public class Applic
@Configuration
@EnableJpaRepositories
@EnableAutoConfiguration
@ComponentScan
public class Application
{
@Bean
public BasicAuthenticationFilter basicAuthenticationFilter(BasicAuthenticationEntryPoint basicAuthenticationEntryPoint,
AuthenticationManager authenticationManager)
{
BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(authenticationManager, basicAuthenticationEntryPoint);
return basicAuthenticationFilter;
}
@Bean
public UserDetailsService userDetailsService()
{
return new PersonService();
}
@Bean
public AuthenticationManager authenticationManager()
{
return new AuthenticationManagerImpl();
}
@Bean
public AuthenticationProvider authenticationProvider()
{
return new CustomAuthenticationProvider();
}
@Bean
public BasicAuthenticationEntryPoint basicAuthenticationEntryPoint()
{
BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
basicAuthenticationEntryPoint.setRealmName("Doccto");
return basicAuthenticationEntryPoint;
}
}
我的自定义身份验证管理器
@Component
public class AuthenticationManagerImpl implements AuthenticationManager
{
@Autowired
protected AuthenticationProvider authenticationProvider;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
return this.authenticationProvider.authenticate(authentication);
}
}
PersonService.class:
@Service
public class PersonService implements UserDetailsService
{
@Autowired
protected PersonRepository personRepository;
@Override
public Person loadUserByUsername(String s) throws UsernameNotFoundException
{
return this.personRepository.getUserByEmail(s);
}
}
CustomAuthenticationProvider
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider
{
@Autowired
protected PersonService personService;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
String username = authentication.getName();
String password = (String) authentication.getCredentials();
Person person = this.personService.loadUserByUsername(username);
if (person == null)
{
throw new BadCredentialsException("Username not found.");
}
if (!password.equals(person.getPassword()))
{
throw new BadCredentialsException("Wrong password.");
}
Collection<? extends GrantedAuthority> authorities = person.getAuthorities();
return new UsernamePasswordAuthenticationToken(username, password, authorities);
}
@Override
public boolean supports(Class<?> aClass)
{
return true;
}
}
我想就是这样。我终于找到了解决办法。 我必须在SecurityConfig中将所有代码绑定在一起,就像
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
protected BasicAuthenticationFilter filter;
@Autowired
protected AuthenticationProvider authenticationProvider;
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.addFilter(filter)
.authenticationProvider(authenticationProvider)
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/api/**").hasRole("USER")
.anyRequest().authenticated();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
}
}
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
@Autowired
protected BasicAuthenticationFilter filter;
@Autowired
protected AuthenticationProvider authenticationProvider;
@Override
protected void configure(HttpSecurity http) throws Exception
{
http
.addFilter(filter)
.authenticationProvider(authenticationProvider)
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/api/**").hasRole("USER")
.anyRequest().authenticated();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception
{
}
}