自定义登录表单-Spring Security
[英]Custom login form - Spring Security
问题描述
Does any of you have some example of Custom Spring Security Login form using REST Api? 
你们中的任何人是否有使用REST Api的“定制Spring Security登录”表单的示例? I am actually trying to create my own, and the problems I'm facing are: 我实际上正在尝试创建自己的应用程序,而我面临的问题是:
-
How should be named classes, is it User and Role?
应该如何命名类,是用户和角色?
Cuz I seen many different versions of it.
因为我看过它的许多不同版本。
-
Where should I post JSON file with login and password?
我应该在哪里发布带有登录名和密码的JSON文件?
-
How should it look like?
看起来怎么样?
Thanks in advance for all answers and examples of your code (github or something). 在此先感谢您提供所有答案和示例代码(github之类)。
2 个解决方案
解决方案1
0 2019-04-29 21:16:12
REST APIs are usually stateless. REST API通常是无状态的。 It does not know something about a session. 它对会话一无所知。 So i think you're looking for an basic auth to protect your API. 因此,我认为您正在寻找一种基本的身份验证来保护您的API。 Or you could use openid connect and check the roles based on a token. 或者,您可以使用openid connect并根据令牌检查角色。 This would give you more flexibility for pre conditions and post conditions processing a service call. 这将为您在处理服务呼叫的前提条件和后期条件提供更大的灵活性。
Here is a good example of openid connect with spring boot and google implementation. 这是一个用Spring Boot和google实现实现openid连接的好例子。 Other provider are adaptable. 其他提供者是适应性强的。 Baeldung - Spring Security openid connect Baeldung-Spring Security OpenID连接
If you're just looking for a simple solution with basic auth, take a look here Baeldung - Spring Security basic auth 如果您正在寻找使用基本身份验证的简单解决方案,请在此处查看Baeldung-Spring Security基本身份验证
解决方案2
0 2019-04-30 20:44:19
yes, you can use form login and rest API together, but that means that your rest API isn't going to be stateless, it means that a session will be created and rest APIs are usually stateless, that's why you have to use basic auth, jwt, etc when creating a rest API, but if you really want to use rest API with form-based authentication, I made an example for you, check this link 是的,您可以一起使用表单登录和rest API,但这意味着您的rest API不会是无状态的,这意味着将创建一个会话并且rest API通常是无状态的,这就是为什么您必须使用基本身份验证,jwt等在创建rest API时的方法,但是如果您真的想将rest API与基于表单的身份验证一起使用,我为您提供了一个示例,请查看此链接
This example uses Spring Boot, Spring MVC, H2, Spring Security with custom form login, Spring Data Jpa, but again it's not recommended to use form login for rest API. 该示例使用Spring Boot,Spring MVC,H2,带有自定义表单登录名的Spring Security,Spring Data Jpa,但是同样不建议将表单登录名用于其余API。
Regarding to your questions 关于你的问题
How should be named classes, is it User and Role? 应该如何命名类,是用户和角色? Cuz I seen many different versions of it. 因为我看过它的许多不同版本。
- It's up to you 由你决定
Where should I post JSON file with login and password? 我应该在哪里发布带有登录名和密码的JSON文件?
- If you are using spring security form-based authentication, there no need to post a json 如果您正在使用基于Spring Security表单的身份验证,则无需发布json
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.