gpt4 book ai didi

java - 具有 Html 页面和 Rest Web 服务身份验证的 Spring Security

转载 作者:太空宇宙 更新时间:2023-11-04 13:06:53 25 4
gpt4 key购买 nike

我在我的应用程序中使用 Spring 安全性和数据库登录(将来我必须实现 LDAP 身份验证)。通过网络一切正常,但现在当我从外部调用网络服务时(我有一些用于内部javascript的网络服务和一些用于外部调用的网络服务),我收到登录页面的HTML代码。这是正确的,但现在我怎样才能进行 REST 调用呢?我必须保护它们,我想为每个 Web 服务调用使用 token 或用户名和密码,但如何在 REST 调用中设置用户名和密码?例如与 postman 。然后我也会在

中设置凭据
restTemplate.setRequestFactory(requestFactory);
responseEntity = restTemplate.getForEntity(serverIp + "ATS/client/file/?filePath={filePath}", byte[].class, filePath);

并在

MultipartEntityBuilder builder = MultipartEntityBuilder.create();
ContentBody cbFile = new FileBody(file);
ContentBody cbPath= new StringBody(toStorePath,ContentType.TEXT_PLAIN);
builder.addPart("file", cbFile);
builder.addPart("toStorePath",cbPath);
httppost.setEntity(builder.build());
CloseableHttpResponse httpResponse = httpClient.execute(httppost);
HttpEntity resEntity = httpResponse.getEntity();

在网络上,我什至有用户的角色,也许我还必须将它们用于网络服务。感谢您的建议。问候更新:正如@Gergely Bacso 建议我的那样,我已经更新了我的代码,但现在我遇到了相反的问题:当我调用 Web 服务时,它们返回所有信息,没有用户名和密码。这是安全配置:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true, proxyTargetClass = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}

@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}

@Configuration
@Order(1)
public static class ApiWebSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.antMatcher("/client/**")
.authorizeRequests()
.anyRequest().authenticated()
.and()
.httpBasic();
}
}

@Configuration
@Order(2)
public static class FormWebSecurityConfig extends WebSecurityConfigurerAdapter{

@Override
public void configure(WebSecurity web) throws Exception {
web
//Spring Security ignores request to static resources such as CSS or JS files.
.ignoring()
.antMatchers("/static/**");
}

@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests() //Authorize Request Configuration
//.antMatchers("/", "/register").permitAll()
// .antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and() //Login Form configuration for all others
.formLogin()
.loginPage("/login").permitAll();
}
}

}

最佳答案

几天前有人问过类似的问题:

Securing REST service with Spring Security

重要的部分是:

In case you want to secure something that is accessed programatically (for example a REST service being called by another program) then you should not use form-based authentication.

您需要的是更适合这份工作的东西。就像 HTTP 基本身份验证一样。基于表单的登录方法更适合用户可以输入用户名/密码的用例。

关于java - 具有 Html 页面和 Rest Web 服务身份验证的 Spring Security,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34337621/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com