具有Spring和Spring Security的REST身份验证
[英]REST Authentication With Spring And Spring Security
问题描述
I want develop a RESTfull web service with authentication using Spring and Spring Security. 
我想使用Spring和Spring Security开发带有身份验证的RESTfull Web服务。 All my users will be stored in the DB with an encrypted password and role. 我所有的用户都将使用加密的密码和角色存储在数据库中。 The session should be stored in the context until the session is timedout or logged out to allow consumption of other webservices. 会话应存储在上下文中,直到会话超时或注销以允许使用其他Web服务。
If someone can help me would be great. 如果有人可以帮助我,那就太好了。
Thanks 谢谢
2 个解决方案
解决方案1
0 2014-05-15 12:17:11
Have a look at Jersey with Spring and its ContextSecurityFilter, I do not suggest to use spring security. 看看带有Spring及其它的ContextSecurityFilter的Jersey,我不建议使用spring安全性。 If you make a good Authorization try to use @RolesAllowed method. 如果您获得了良好的授权,请尝试使用@RolesAllowed方法。
解决方案2
-1 2014-05-15 08:58:02
You need to create a spring security context and include in your web application. 您需要创建一个spring安全上下文并包含在您的Web应用程序中。
<security:http pattern="/../../../**" entry-point-
ref="CustomAuthenticationEntryPoint"
<security:custom-filter ref="authenticationTokenProcessingFilter"
position="FORM_LOGIN_FILTER" />
<security:intercept-url pattern="/.*"
access="isAuthenticated()" />
<security:intercept-url pattern="/../../../.*"
access="isAuthenticated()" />
<security:intercept-url pattern="/../../../.*"
access="isAuthenticated()" /> />
and you can have decision voters depending on your URL or other. 并且您可以根据自己的URL或其他来决定投票者。
<bean id="accessDecision"
class="org.springframework.security.access.vote.UnanimousBased">
<property name="decisionVoters">
<set>
<bean
class="org.springframework.security.web.access.expression.WebExpressionVoter">
</bean>
<bean c
class="org.springframework.security.access.vote.AuthenticatedVoter"></bean>
</set>
</property>
</bean>
You can have your own custom authentication entry point and add your code. 您可以拥有自己的自定义身份验证入口点并添加代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.