I want to use authentication with my application. I have applied a Spring MVC app and spring security. Against the browser, it's working fine. This means, I certify the user for my app and use the web page.
Now, I want to use comfort. I added my uncomfortable control method @ResponseBody and I got a response in Jason. But how to join my application with the user and password with RestTemplate?
My code in RestClient (for testing) is:
public zero unsecureProfileTest () {string url = articleServiceUrl + "unsafe / profile / test.json"; Url = articleServiceUrl + "secure / profile / wiew.json"; HttpEntity & LT; Object & gt; Unit = new HttpEntity & lt; Object & gt; (GetHeaders ("User: User-powered")); Object s = restTemplate.exchange (url, HttpMethod.GET, unit, Object.class); } Fixed HttpHeaders getHeaders (string auth) {HttpHeaders header = new HTTP header (); Headers.setContentType (MediaType.APPLICATION_JSON); Headers.setAccept (Arrays.asList (MediaType.APPLICATION_JSON, MediaType.TEXT_HTML)); Byte [] Encoded Authorized = Base 64. encode (auth.getBytes ()); Headers.add ("authorization", "basic" + new string (encoded authorization); Return headers; } My SecurityConfig:. Zero Configure
@Override Protects (HttpSecurity http) throws exception {http.csrf () to disable (); Http.authorizeRequests (). ("/ *") AntMatchers PermitAll () And () .formLogin (). SuccessHandler (successHandler) .defaultSuccessUrl ("/") FailureHandler (failureHandler) .failureUrl ("/ login? Error = true") PermitAll () And (). Logout () .permitAll (); Http.authorizeRequests () antMatchers ("/ Resources / **") permitAll () .. Http.authorizeRequests () antMatchers ("/ welcome") permitAll () .. Http.authorizeRequests () antMatchers ("/ unsecured / **") permitAll () .. Http.authorizeRequests () antMatchers ("/ secure / *") authenticated () .. Http.authorizeRequests (). AntMatchers ("/ admin / **"). Harol ("Admin") .anyRequest () Authenticated (); } The result of this is: Access is denied. I feel the problem coming from authentication from restTemplate, but how can I certify?
My second question is about disabled with CSRF, but I want to enable it (use it in my forms)
I use Spring 4.0 and Spring Protection 3.2 I am
edit I have my code
string URL = ArticleServiceUrl + "unbearable / profile / test .json "; Url = articleServiceUrl + "secure / profile / wiew.json"; HttpEntity & LT; Object & gt; Unit = new HttpEntity & lt; Object & gt; (GetHeaders ("{user: user password, password: user password}")); Object s = restTemplate.exchange (url, HttpMethod.GET, unit, Object.class); Send me a code 302
Edit 18022014 - 16:46 I updated to
string url = articleServiceUrl + "login? Username = user & password = userpassword"; HTTPNT unit rest templates; Exchange (URL, HTTPMethod.POST, blank, httpNT.class) system.out.println (unit); In the log of the web server, I received the message of success (see user details on "user").
Now, I want to use certification to access other urls ("safe / profile / visual.joson")
How to keep the authentication is?
Thanks
I am playing with spring safety and spring boot REST application And I created MapCsrfTokenRepository for my own that I use instead of default HttpSessionCsrfTokenRepository .
Then you can enable CSRF for your remaining URI with
http.csrf (). CsrfTokenRepository (tokenRepository) The main idea is to go back to the new CSRF_TOKEN when customer get / get the resource with access, because No CSRF token is required for GET. And then the customer will have to use this token in the next call.
Example
Comments
Post a Comment