How can I add basic authentication for json
The application I'm working on already has user authentication (it's a desktop application). I need to add basic authentication on the url /teachers.htm so that a third-party can receive data in json format. How can I do this? Oh, and I can't use Spring Boot.
security.xml
<security:authentication-manager>
    <security:authentication-provider ref="customAuthProvider">
    </security:authentication-provider>
</security:authentication-manager>
<security:http use-expressions="true" create-session="always">
    <security:expression-handler ref="customExpressionHandler" />
    <security:intercept-url pattern="/**" access="isAuthenticatedIfRequired()" />
    <security:form-login login-page="/login" default-target-url="/index.htm" username-parameter="login" always-use-default-target="true"
        password-parameter="password" authentication-failure-url="/login" />
    <security:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout.htm" />
    <security:session-management session-authentication-strategy-ref="customAuthenticationStrategy" />
</security:http>
CustomAuthenticationProvider
@Override
@Transactional(readOnly = true)
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
    UserInfo user = userDao.findUserByLogin((String) authentication.getPrincipal());
    WebAuthenticationDetails details = (WebAuthenticationDetails) authentication.getDetails();
    sessionsInfo.addLoggedInUser(details.getSessionId(), user);
    return new TRUsernamePasswordAuthenticationToken(user.getId(), user.getLoginName(),
            user.getName(), user.getUserType(), user.getUserLanguage(), null, authorities,
            organizations, user.getCurrentOrganizationId());
}
There is a special tag for that: http-basic.
In your case it will be something like this:
<security:http use-expressions="true">
    <security:intercept-url pattern="/teachers.htm" access="isAuthenticated()" />
    <security:http-basic />
</security:http>
Because I already had authentication in the app, I resolved the issue by making two entry points in Spring Security. The result:
<security:user-service id="apiUserDetailsService">
    <security:user name="user" password="pw" authorities="ROLE_ADMIN" />
</security:user-service>
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="customAuthProvider">
    </security:authentication-provider>
    <security:authentication-provider user-service-ref="apiUserDetailsService"/>
</security:authentication-manager>
<security:http entry-point-ref="basicAuthEntryPoint" pattern="/pw/**" use-expressions="true">
    <security:intercept-url pattern="/pw/smth.htm" access="hasAnyRole('ROLE_ADMIN')" />
    <security:custom-filter ref="basicAuthenticationFilter" after="BASIC_AUTH_FILTER" />
</security:http>
<bean id="basicAuthEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
    <property name="realmName" value="REST Realm" />
</bean>
<bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationEntryPoint" ref="basicAuthEntryPoint" />
</bean>
<security:http use-expressions="true" create-session="always">
    <security:expression-handler ref="customExpressionHandler"/>
    <security:intercept-url pattern="/pages/activationcode.jsp" access="permitAll()"/>
    <security:intercept-url pattern="/**/*.css" access="permitAll()"/>
    <security:intercept-url pattern="/**" access="isAuthenticatedIfRequired()"/>
    <security:form-login login-page="/login" default-target-url="/index.htm" username-parameter="login" always-use-default-target="true"
        password-parameter="password" authentication-failure-url="/login"/>
    <security:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout.htm"/>
    <security:session-management session-authentication-strategy-ref="customAuthenticationStrategy"/>
</security:http>
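A hardened variant of the /pw/** chain above, as an added example that is not part of the original answer: the API account gets its own authentication manager (so the form-login chain, which keeps using customAuthProvider, never accepts it), the stored password is a bcrypt hash, the chain is stateless, and the URL requires HTTPS. The ids apiPasswordEncoder and apiAuthenticationManager, the user name api-client and the hash placeholder are assumptions for illustration.

```xml
<!-- Added example, not the poster's configuration. -->

<!-- bcrypt encoder used only for the API user store (bean id is an assumption) -->
<bean id="apiPasswordEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<security:user-service id="apiUserDetailsService">
    <!-- Placeholder value: paste a bcrypt hash generated offline, not the clear-text password -->
    <security:user name="api-client" password="BCRYPT_HASH_PLACEHOLDER" authorities="ROLE_ADMIN" />
</security:user-service>

<!-- Separate manager: only the Basic chain consults the API user store.
     The application's existing manager keeps customAuthProvider alone. -->
<security:authentication-manager id="apiAuthenticationManager">
    <security:authentication-provider user-service-ref="apiUserDetailsService">
        <security:password-encoder ref="apiPasswordEncoder" />
    </security:authentication-provider>
</security:authentication-manager>

<!-- Must be declared before the catch-all form-login chain so /pw/** matches here first -->
<security:http pattern="/pw/**" use-expressions="true"
               realm="REST Realm"
               create-session="stateless"
               authentication-manager-ref="apiAuthenticationManager">
    <!-- Whole prefix is protected, not a single page; plain-HTTP requests are sent to HTTPS -->
    <security:intercept-url pattern="/pw/**" access="hasRole('ROLE_ADMIN')" requires-channel="https" />
    <!-- Registers BasicAuthenticationFilter and its entry point for this chain -->
    <security:http-basic />
</security:http>
```

The requires-channel redirect only happens after a plain-HTTP request has already carried the Authorization header, so the third party should be given the https URL from the start.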