Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Spring身份验证REST服务以编程方式_Spring_Spring Security_Basic Authentication - Fatal编程技术网
Fatal编程技术网
  • spring/
  • Spring身份验证REST服务以编程方式

Spring身份验证REST服务以编程方式

spring spring-security

Spring身份验证REST服务以编程方式,spring,spring-security,basic-authentication,Spring,Spring Security,Basic Authentication,我正在使用Spring3开发一个API。我希望所有用户在执行请求时都能登录,因此我尝试实现基本的HTTP身份验证。我不想使用XML(大多数文档都使用XML) 服务器当前会对每个请求进行回复,而我的web浏览器不会要求我进行身份验证。我哪里做错了 我搜索了很多网站,以下是我目前得到的信息: 应用程序类别: @Configuration @EnableJpaRepositories @EnableAutoConfiguration @ComponentScan public class Applic

我正在使用Spring3开发一个API。我希望所有用户在执行请求时都能登录,因此我尝试实现基本的HTTP身份验证。我不想使用XML(大多数文档都使用XML)

服务器当前会对每个请求进行回复,而我的web浏览器不会要求我进行身份验证。我哪里做错了

我搜索了很多网站,以下是我目前得到的信息:

应用程序类别:

@Configuration
@EnableJpaRepositories
@EnableAutoConfiguration
@ComponentScan
public class Application
{
@Bean
    public BasicAuthenticationFilter basicAuthenticationFilter(BasicAuthenticationEntryPoint basicAuthenticationEntryPoint,
                                                                AuthenticationManager authenticationManager)
    {
        BasicAuthenticationFilter basicAuthenticationFilter = new BasicAuthenticationFilter(authenticationManager, basicAuthenticationEntryPoint);
        return basicAuthenticationFilter;
    }

    @Bean
    public UserDetailsService userDetailsService()
    {
        return new PersonService();
    }

    @Bean
    public AuthenticationManager authenticationManager()
    {
        return new AuthenticationManagerImpl();
    }

    @Bean
    public AuthenticationProvider authenticationProvider()
    {
        return new CustomAuthenticationProvider();
    }

    @Bean
    public BasicAuthenticationEntryPoint basicAuthenticationEntryPoint()
    {
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName("Doccto");
        return basicAuthenticationEntryPoint;
    }
}
我的自定义身份验证管理器

@Component
public class AuthenticationManagerImpl implements AuthenticationManager
{
    @Autowired
    protected AuthenticationProvider authenticationProvider;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        return this.authenticationProvider.authenticate(authentication);
    }
}
PersonService.class:

@Service
public class PersonService implements UserDetailsService
{
    @Autowired
    protected PersonRepository personRepository;

    @Override
    public Person loadUserByUsername(String s) throws UsernameNotFoundException
    {
        return this.personRepository.getUserByEmail(s);
    }
}
CustomAuthenticationProvider

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider
{
    @Autowired
    protected PersonService personService;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        String username = authentication.getName();
        String password = (String) authentication.getCredentials();

        Person person = this.personService.loadUserByUsername(username);

        if (person == null)
            {
                throw new BadCredentialsException("Username not found.");
            }

        if (!password.equals(person.getPassword()))
            {
                throw new BadCredentialsException("Wrong password.");
            }

        Collection<? extends GrantedAuthority> authorities = person.getAuthorities();

        return new UsernamePasswordAuthenticationToken(username, password, authorities);
    }

    @Override
    public boolean supports(Class<?> aClass)
    {
        return true;
    }
}
我想就是这样。

我终于找到了解决办法。 我必须在SecurityConfig中将所有代码绑定在一起,就像

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    protected BasicAuthenticationFilter filter;
    @Autowired
    protected AuthenticationProvider    authenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .addFilter(filter)
            .authenticationProvider(authenticationProvider)
            .httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/api/**").hasRole("USER")
            .anyRequest().authenticated();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
    }
}

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    protected BasicAuthenticationFilter filter;
    @Autowired
    protected AuthenticationProvider    authenticationProvider;

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        http
            .addFilter(filter)
            .authenticationProvider(authenticationProvider)
            .httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/api/**").hasRole("USER")
            .anyRequest().authenticated();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception
    {
    }
}