0

We have an existing jsf/spring application that uses spring security for authentication and authorization.

Now we want to add a restful web service layer, to be used by a mobile client (native android app.) The existing authentication process uses j_spring_security_check and a custom filter.

Can I handle the restful api authentication and authorization within the same context? If yes, how?

4

1 回答 1

0

一种可能性是为 API 领域创建另一个安全配置。将其配置为 HTTP BASIC 身份验证(如果适合您并且 API 通过 https 提供)。

例如:

<http use-expressions="true" pattern="/api/**" realm="API Realm" create-session="stateless">    
     ...
     <http-basic />
     ...
     <logout logout-url="/api/logout" />
</http>

编辑:根据评论者的评论,我正在纠正我的答案:不幸的是,这种方法在 Spring Security 3.0 中不起作用,因为 Spring Security 配置中的多个 http 元素是在 3.1 中添加的。

于 2013-04-01T01:01:39.687 回答