stackoom
  简体   繁体   中英

spring security with custom filter remote access gets 401 HTTP Status 401 - Full authentication is required, but not when using localhost

 原文  2013-07-22 20:51:34       spring/ security/ filter/ spring-security

Question

I have a spring security web application, with the following application context configuration using the spring security 3.1 namespace: 

<security:http create-session="stateless" authentication-manager-ref="authenticationManager">
    <security:intercept-url pattern="/**" access="ROLE_USER" />
    <security:custom-filter ref="restAuthenticationFilter" position="FIRST" />
    <security:http-basic/>
</security:http>

<security:authentication-manager alias='authenticationManager'>
    <security:authentication-provider user-service-ref='customUserDetailsService' />
</security:authentication-manager>

<bean id="restAuthenticationFilter" class="com...security.RestAuthenticationFilter"/>
<bean id="customUserDetailsService" class="com...security.RestUserDetailsService"/>

When I go to my browser and enter the URL http://localhost/rest/user/getByUsername?userName=foo&passWord=bar&deviceId=1234 my custom filter gets called, and the user is authenticated by his user name, password, and deviceId, and he is allowed to retrieve his user information from the URL. However, I need to test whether this works from the android which is on the same network. So, if I do ifconfig and grab my local ip address from ifconfig , replace localhost with it, and type enter the URL in my browser http://<local ip address>/rest/user/getByUsername?userName=foo&passWord=bar&deviceId=1234 in my browser, then I get HTTP Status 401 - Full authentication is required to access this resource and the browser brings up a popup form to login using username and password.

I want my app to authorize the same way via remote request as it does with localhost.

Your help will be so, so greatly appreciated. Thanks pals :)

1 answers

solution1
 0  2013-07-23 06:51:51

I see problem in your configuration 

<security:custom-filter ref="restAuthenticationFilter" position="FIRST" />

You should put your filter after CONCURRENT_SESSION_FILTER to allow proper Spring Security functionality. 

<security:custom-filter ref="restAuthenticationFilter" after="SECURITY_CONTEXT_FILTER"/>

Please look here: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity-single.html#ns-custom-filters

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question HTTP Status 401 - Full authentication is required to access this resource status=401, error=Unauthorized, message=Full authentication is required to access this resource in Spring Framework when trying to receive a token Spring Security Authentication issue: HTTP 401 Spring REST API, intercept 401 Full authentication required Return Http Status (eg. 401) or redirect Spring Security spring eureka security Batch update failure with HTTP status code 401 Spring Security - 401 Unauthorized access Spring-Security: Return Status 401 When AuthenticationManager Throws BadCredentialsException Migrating Spring Security 3.1 with XML config to 4.0.1 with Java config causes HTTP Status 401 - Authentication Failed: Bad credentials Spring Security Authentication not give 401 error
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM