我正在尝试创建一个将由其他Web服务使用的restful Web服务.理想情况下,当客户端访问服务并且未经过身份验证时,他们应该获得401.我希望用户能够通过向请求添加身份验证标头来进行身份验证.我不希望用户填写登录表单,然后发布.我也不希望它在cookie中存储任何登录凭证(即保持状态)它应该在每个请求的auth头发送中.我使用spring roo来创建Web服务.
我目前所拥有的(取自一个spring security 3.1教程),当用户获得401时,他们会被提交一个登录页面,然后发布页面,获得他们随每个请求发送的cookie.
这是我的spring security xml.
<http use-expressions="true">
<intercept-url pattern="/customers/**" access="isAuthenticated()" />
<intercept-url pattern="/**" access="denyAll" />
<form-login />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="alice" password="other" authorities="user" />
<user name="custome1" password="other" authorities="user" />
</user-service>
</authentication-provider>
</authentication-manager>
当我从curl发送请求时,我得到以下内容:
$ curl -i -H "Accept: application/json" -H "Authorization: Basic Y3VzdG9tZXIxOm90aGVy" http://localhost:8080/Secured/customers
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=B4F983464F68199FA0160DBE6279F440; Path=/Secured/; HttpOnly
Location: http://localhost:8080/Secured/spring_security_login;jsessionid=B4F983464F68199FA0160DBE6279F440
Content-Length: 0
Date: Thu, 25 Apr 2013 17:18:48 GMT
我的基本标头令牌是base64(customer1:other)
如何让Web服务接受auth标头,而不是将我重定向到登录页面?
当我从security.xml中删除时,我得到以下内容:
excpetion:org.springframework.beans.factory.parsing.BeanDefinitionParsingException:
Configuration problem: No AuthenticationEntryPoint could be …我正在编写一个webapp,并尝试缓存从控制器调用的一些pojos.
当我尝试使用org.springframework.cache.annotation.Cacheable时,我无法获得任何工作,所以我切换到com.googlecode.ehcaceh.annotations.Cacheable,我仍然无法将其缓存.
我的代码看起来像这样:
@Controller
public class Conttroller {
@RequestMapping(method = RequestMethod.GET)....
public Person getPerson(String id) {
LOG.debug("Trying to get resource...);
Person person = personService.detect(id);
LOG.debug("got person");
并且服务看起来像:
public class PersonService {
@Cacheable(cacheName="deviceCache")
public Person detect(String id) {
LOG.debug("cache missed")
我的applicationContext看起来像
<context:component-scan base-package="com.mycompany" />
<ehcache:annotation-driven cache-manager="ehCacheManager" />
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
<property name="cacheManager">
<ref bean="ehCacheManager" />
</property>
</bean>
<bean id="ehCacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" p:configLocation="/META-INF/ehcache.xml" />
我的ehcache看起来像:
<defaultCache eternal="false" maxElementsInMemory="1000"
overflowToDisk="false" diskPersistent="false" timeToIdleSeconds="0"
timeToLiveSeconds="600" memoryStoreEvictionPolicy="LRU"/>
<cache name="deviceCache"
maxElementsInMemory="100" overflowToDisk="false" diskPersistent="false"
timeToIdleSeconds="0" timeToLiveSeconds="300"
memoryStoreEvictionPolicy="LRU" />
有趣的是它在我的单元测试中缓存... …