Spring认证与Security
Spring认证与Security
提问于 2013-12-04 15:51:06
我的security-context中有以下配置
<!-- web services-->
<http use-expressions="true" pattern="/services/**"
disable-url-rewriting="true" entry-point-ref="restAuthenticationEntryPoint">
<intercept-url pattern="/services/**" access="isFullyAuthenticated()"
requires-channel="https" />
<form-login authentication-success-handler-ref="restSuccessHandler"
authentication-failure-handler-ref="restAuthenticationFailureHandler" />
<logout invalidate-session="true" delete-cookies="JSESSIONID" />
</http>
<!-- browser -->
<http use-expressions="true"
disable-url-rewriting="true">
<intercept-url pattern="/signup*" access="permitAll"
requires-channel="https" />
<intercept-url pattern="/login*" access="permitAll"
requires-channel="https" />
<intercept-url pattern="/logout" access="permitAll"
requires-channel="https" />
<form-login authentication-success-handler-ref="myAuthenticationSuccessHandler"
login-page="/login" authentication-failure-url="/loginFailed" />
<intercept-url pattern="/**" access="isFullyAuthenticated()"
requires-channel="https" />
<session-management
session-authentication-error-url="/loginFailed">
<concurrency-control error-if-maximum-exceeded="true"
max-sessions="1" />
</session-management>
<logout invalidate-session="true" delete-cookies="JSESSIONID" />
</http>我的springSecurityFilterChain是
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>我无法使用
template.postForObject(targetURL + "services/j_spring_security_check", map,
String.class);每次我试一次都会给我一个错误
POST request for "https://localhost:8443/someapp/services/j_spring_security_check" resulted in 401 (Unauthorized);如果我通过删除services来修改url,错误就会消失。但是我想区分rest登录(从移动登录)和普通登录(从浏览器)。对于rest登录,我想返回sessionID,而不是重定向到欢迎页面。我在这里做错了什么?
更新
我就是这样创建HTTP客户机的:
System.setProperty("javax.net.ssl.trustStore", "d:/somekeystore");
System.setProperty("javax.net.ssl.trustStorePassword", "1234");
String targetURL = "https://localhost:8443/someapp/";
// configure HTTPClient and RestTemplate
HttpClient client = new HttpClient();
CommonsClientHttpRequestFactory commons = new CommonsClientHttpRequestFactory(
client);
RestTemplate template = new RestTemplate(commons);
MultiValueMap<String, String> map = new LinkedMultiValueMap<String, String>();
map.add("j_username", "admin");
map.add("j_password", "1234");
map.add("rest", "true");
template.postForObject(targetURL + "services/j_spring_security_check", map,
String.class);回答 2
Stack Overflow用户
回答已采纳
发布于 2013-12-08 16:45:28
我修正了401 (Unauthorized)错误,在<form-login>中指定login-processing-url为
<form-login login-processing-url="/services/j_spring_security_check"
authentication-success-handler-ref="restSuccessHandler"
authentication-failure-handler-ref="restAuthenticationFailureHandler" />Stack Overflow用户
发布于 2013-12-04 16:45:57
我猜这是因为您有/services/**需要完全身份验证,但这也是您尝试提交登录的位置。
尝试使用permitAll添加登录页= "services/login“和”services/login“拦截-url,并将其用作登录名.ie:
<!-- web services-->
<http use-expressions="true" pattern="/services/**" disable-url-rewriting="true" entry-point-ref="restAuthenticationEntryPoint">
<intercept-url pattern="/services/login*" access="permitAll" requires-channel="https" />
<intercept-url pattern="/services/**" access="isFullyAuthenticated()" requires-channel="https" />
<form-login login-page="/services/login" authentication-success-handler-ref="restSuccessHandler" authentication-failure-handler-ref="restAuthenticationFailureHandler" />
<logout invalidate-session="true" delete-cookies="JSESSIONID" />
</http>页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/20379832
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号