我们的应用程序是使用 Spring 构建的(MVC、事务、身份验证等)。我们使用 LoginUrlAuthenticationEntryPoint 进行身份验证(请参阅下面的整个 spring security xml)。Web 客户端 (jsp) 使用 j_spring_security_check 表单登录到此应用程序。该应用程序具有 REST API,并且浏览器代码(Web 客户端)对应用程序进行 REST 调用。到目前为止一切顺利,一切正常。我们正在用 Java 编写代码来测试应用程序 - 使用 REST 调用进行端到端测试(类似于真实客户端(在我的例子中是 Web 客户端)调用应用程序的方式)。我在测试端使用 Apache 的 HttpClient 对应用程序进行 REST 调用。你知道如何从 Java 编写的测试代码中验证/登录到应用程序吗?非常感谢任何指导。谢谢,婴儿车。
<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled"/>
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint">
<security:intercept-url pattern="/login*" filters="none"/>
<security:intercept-url pattern="/agentMsg" filters="none"/>
<security:intercept-url pattern="/wait" filters="none"/>
<security:intercept-url pattern="/systemConfig/**" filters="none"/>
<security:intercept-url pattern="/js/**" filters="none" />
<security:intercept-url pattern="/css/**" filters="none" />
<security:intercept-url pattern="/images/**" filters="none" />
<security:intercept-url pattern="/heartbeat" filters="none" />
<security:intercept-url pattern="/reposTracking" filters="none" />
<security:intercept-url pattern="/alerts/sev" filters="none" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:form-login
login-page="/login"
default-target-url="/"
authentication-failure-url="/login?login_error=1"
authentication-success-handler-ref="mcLoginSuccessHandler"
authentication-failure-handler-ref="mcLoginFailureHandler"
/>
<security:remember-me/>
<security:logout success-handler-ref="mcLogoutHandler"/>
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"/>
<security:session-management session-authentication-strategy-ref="sas"/>
</security:http>
<!-- needed for remember-me service -->
<bean id="customUserDetailService" class="com.mycompany.admin.tools.webui.beans.MyCompanyUserDetailsService"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="vuiAuthenticationProvider"/>
</security:authentication-manager>
<bean id="vuiAuthenticationProvider" class="com.mycompany.admin.tools.webui.beans.VuiMycompanyUserDetailsAuthenticationProvider">
<property name="userDetailsService" ref="customUserDetailService"/>
<property name="passwordEncoder" ref="md5PasswordEncoder"/>
</bean>
<bean id="md5PasswordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
<bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl" value="/login"></property>
</bean>
<bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry"/>
<property name="expiredUrl" value="/login"/>
<!-- <property name="redirectStrategy" value=""></property> -->
</bean>
<bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<property name="maximumSessions" value="-1" /> <!-- no limit on number of session per user -->
</bean>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
<bean id="mcLogoutHandler" class="com.mycompany.admin.tools.webui.servlets.McLogoutHandler"/>
<bean id="mcLoginSuccessHandler" class="com.mycompany.admin.tools.webui.servlets.McLoginSuccessHandler"/>
<bean id="mcLoginFailureHandler" class="com.mycompany.admin.tools.webui.servlets.McLoginFailureHandler"/>