堆栈内存溢出
  简体   繁体   English

如何为 json 添加基本身份验证

[英]How can I add basic authentication for json

 原文  2021-01-11 11:44:16       java/ spring/ spring-security

问题描述

The application I'm working on already has user authentication (it's a desktop application).我正在处理的应用程序已经具有用户身份验证(它是一个桌面应用程序)。 I need to add basic authentication on the url /teachers.htm so that a third-party can receive data in json format.我需要在 url /teachers.htm上添加基本身份验证,以便第三方可以接收 json 格式的数据。 How can I do this?我怎样才能做到这一点? Oh, and I can`t use Spring Boot.哦,我不能使用 Spring 引导。

security.xml安全性.xml

<security:authentication-manager>
    <security:authentication-provider ref="customAuthProvider">
    </security:authentication-provider>
</security:authentication-manager>

<security:http use-expressions="true" create-session="always">
    <security:expression-handler ref="customExpressionHandler" />
    <security:intercept-url pattern="/**" access="isAuthenticatedIfRequired()" />
    <security:form-login login-page="/login" default-target-url="/index.htm" username-parameter="login" always-use-default-target="true"
            password-parameter="password" authentication-failure-url="/login" />
    <security:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout.htm" />
    <security:session-management session-authentication-strategy-ref="customAuthenticationStrategy" />
</security:http>

CustomAuthenticationProvider CustomAuthenticationProvider

@Override
@Transactional(readOnly = true)
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
    UserInfo user = userDao.findUserByLogin((String) authentication.getPrincipal());
    WebAuthenticationDetails details = (WebAuthenticationDetails) authentication.getDetails();
    sessionsInfo.addLoggedInUser(details.getSessionId(), user);
    return new TRUsernamePasswordAuthenticationToken(user.getId(), user.getLoginName(),
        user.getName(), user.getUserType(), user.getUserLanguage(), null, authorities,
        organizations, user.getCurrentOrganizationId());
}

2 个解决方案

解决方案1
 0 已采纳  2021-01-11 17:20:19

There is special tag for that http-basic .http-basic有特殊标签。

In your case will be something like this:在你的情况下将是这样的:

<security:http use-expressions="true">
    <security:intercept-url pattern="/teachers.htm" access="isAuthenticated()" />
    <security:http-basic />
</security:http>

解决方案2
 0  2021-01-12 14:32:55

Cause I already had authentication in the app, I resolved the issue by making two entry-points in Spring Security.因为我已经在应用程序中进行了身份验证,所以我通过在 Spring 安全性中创建两个入口点解决了这个问题。 The result:结果:

<security:user-service id="apiUserDetailsService">
    <security:user name="user" password="pw" authorities="ROLE_ADMIN" />
</security:user-service>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="customAuthProvider">
    </security:authentication-provider>
    <security:authentication-provider user-service-ref="apiUserDetailsService"/>
</security:authentication-manager>

<security:http entry-point-ref="basicAuthEntryPoint" pattern="/pw/**" use-expressions="true">
    <security:intercept-url pattern="/pw/smth.htm" access="hasAnyRole('ROLE_ADMIN')" />
    <security:custom-filter ref="basicAuthenticationFilter" after="BASIC_AUTH_FILTER" />
</security:http>

<bean id="basicAuthEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
    <property name="realmName" value="REST Realm" />
</bean>

<bean id="basicAuthenticationFilter" class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationEntryPoint" ref="basicAuthEntryPoint" />
</bean>

<security:http use-expressions="true" create-session="always">
    <security:expression-handler ref="customExpressionHandler"/>
    <security:intercept-url pattern="/pages/activationcode.jsp" access="permitAll()"/>
    <security:intercept-url pattern="/**/*.css" access="permitAll()"/>
    <security:intercept-url pattern="/**" access="isAuthenticatedIfRequired()"/>
    <security:form-login login-page="/login" default-target-url="/index.htm" username-parameter="login" always-use-default-target="true"
                         password-parameter="password" authentication-failure-url="/login"/>
    <security:logout invalidate-session="true" logout-success-url="/login" logout-url="/logout.htm"/>
    <security:session-management session-authentication-strategy-ref="customAuthenticationStrategy"/>
</security:http>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Spring Boot中使用JWT身份验证实现基本身份验证? - How can I implement Basic Authentication with JWT authentication in Spring Boot? 如何在Android中发送HTTP基本身份验证标头? - How can I send HTTP Basic Authentication headers in Android? 如何向Axis2服务添加基本身份验证? - How to add basic authentication to a Axis2 service? 当SPNEGO无法用于客户端时,如何回退到BASIC或FORM身份验证? - How can I fallback to BASIC or FORM authentication when SPNEGO can't be used for a client? 如何在默认浏览器中打开网页并在Java中后台通过基本身份验证? - How can I open web page in default browser and pass Basic Authentication in background in Java? 使用基本HTTP身份验证发布JSON - POST a JSON with Basic HTTP Authentication 如何将数组添加到 JSON 中? - How can I add an array into JSON? 如何在没有 Spring 或其他库的情况下向 soap 请求添加基本身份验证? - How to add basic authentication to a soap request without Spring or other library? 如何在我的Spring应用程序中添加SASL身份验证 - How I can add SASL Authentication in my Spring Application 将Http基本身份验证添加到servletRequest - Add Http Basic Authentication to servletRequest
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM