使用Spring Security成功登录后发送请求
[英]Send request after success login with spring security
问题描述
Right now, I'm learning about implementing REST API with a Spring Security Framework. 
现在,我正在学习有关使用Spring Security Framework实现REST API的知识。
My question is, after success login with spring security, how can i send the request to server and make sure the server know that i am have been authorized (already login with success)? 我的问题是,在使用Spring Security成功登录后,如何将请求发送到服务器,并确保服务器知道我已经被授权(已经成功登录)?
I have a some experiment code to do testing 我有一些实验代码可以进行测试
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = { WebAppConfig.class, SecurityConfig.class })
public class TheTest {
@Autowired
private WebApplicationContext wac;
@Autowired
private FilterChainProxy filterChainProxy;
protected MockMvc mockMvc;
@Before
public void setup() {
mockMvc = MockMvcBuilders//
.webAppContextSetup(wac)//
.addFilter(filterChainProxy)//
.build()//
;
}
@Test
public void testDoingArequest() throws Exception {
// login here
HttpSession session = mockMvc.perform(//
//
post("/login-process")//
.param("username", "theusername")//
.param("password", "thepassword")//
)//
.andDo(print())//
.andExpect(status().isFound())//
.andReturn().getRequest().getSession()//
;
// login is success and now trying to call request
this.mockMvc.perform(//
get("/doingRequest")//
.session((MockHttpSession) session)// <-- where this part must added to?
)//
.andExpect(status().isOk())//
.andDo(print())//
;
}
}
- --
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()//
.antMatchers("/doingRequest").authenticated()//
.anyRequest().permitAll()//
.and()//
.csrf().disable()//
.formLogin()//
.loginPage("/")//
.loginProcessingUrl("/login-process")//
.defaultSuccessUrl("/");
}
- --
@Controller
public class TheController {
@RequestMapping(value = "doingRequest", method = RequestMethod.GET)
@ResponseBody
public String doingSomething() {
return "Only authorized user can read this";
}
}
- --
Above code is running well but i dont know how to implementing the "session" part in HTTP. 上面的代码运行良好,但是我不知道如何在HTTP中实现“会话”部分。 I'm expecting something like put a token or something in header or url in real life application/implementation not in the testing environment. 我期望在现实生活中的应用程序/实现中放置令牌或在标头或url中放置某种东西,而不是在测试环境中。 How the client get the token? 客户如何获得代币? How do we call the request (with token embedd) in client code.? 我们如何在客户端代码中调用请求(嵌入令牌)?
2 个解决方案
解决方案1
0 2014-07-26 05:19:59
Are you looking for mocking a session object.If yes then you need to import the mock session object, and in the test class you can create and use the object. 您是否正在寻找模拟会话对象,如果需要,则需要导入模拟会话对象,并且可以在测试类中创建和使用该对象。
import org.springframework.mock.web.MockHttpSession; 导入org.springframework.mock.web.MockHttpSession;
MockHttpSession session = new MockHttpSession(); MockHttpSession会话=新的MockHttpSession();
session.setAttribute("variable", object); session.setAttribute(“ variable”,object);
解决方案2
0 2014-07-27 12:05:53
The configuration you have will use the server side session to maintain the security context, and the link with the client is the standard servlet JSESSIONID cookie, so this has nothing to do with Spring Security. 您拥有的配置将使用服务器端会话来维护安全性上下文,并且与客户端的链接是标准的Servlet JSESSIONID cookie,因此与Spring Security无关。 Whether you actually want a session or not will depend on the nature of your client. 您是否真正想要一个会话取决于客户的性质。 If there is no state maintained between the client and server, then each request from the client must be separately authenticated/authorized. 如果客户端和服务器之间没有维护任何状态,则来自客户端的每个请求都必须分别进行身份验证/授权。 This might be done using Basic authentication for example, or something like an OAuth2 access token depending on your requirements. 例如,这可以使用基本身份验证来完成,或者根据您的要求使用OAuth2访问令牌之类的方式来完成。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.