3

我正在我的宁静 Web 服务中实现 Spring Security。我正在使用 http-basic 身份验证,现在当我尝试访问我的服务时,会出现一个 Windows 安全对话框,询问用户名和密码,现在我想通过 http 标头传递用户名和密码,这样我就不需要仅在安全对话中输入详细信息。我的安全配置文件看起来像 -

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true" create-session="stateless">
        <intercept-url pattern="/**" access="ROLE_USER" />
        <http-basic />
    </http>

    <authentication-manager>
      <authentication-provider>
       <!--  <user-service>
        <user name="yoman" password="123456" authorities="ROLE_USER" />
        </user-service> -->
        <jdbc-user-service data-source-ref="dataSource"

           users-by-username-query="
              select username,password, enabled 
              from users where username=?" 

           authorities-by-username-query="
              select u.username, ur.authority from users u, user_roles ur 
              where u.user_id = ur.user_id and u.username =?  " 

        />
      </authentication-provider>
    </authentication-manager>

</beans:beans>

我正在尝试使用这样的授权标头传递用户名和密码-

HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.set("Authorization", "Basic "
        + "username:password");

但是每次我访问该服务时,它仍然要求我输入用户名和密码。

我做错了什么,这里的正确方法是什么。我将非常感谢提供的任何帮助。

4

1 回答 1

1

您可以将RestTemplateApache Commons Http Client一起使用。构建一个 CommonsHttpClientFactory 并将其作为构造函数 args 注入到 resttemplate 中,您就可以开始了。这里有一些基本配置可以帮助您入门。

上下文.xml 

 <bean id="webServiceClient" class="com.webserviceclient.Client">
        <constructor-arg ref="restTemplate"/>
        <constructor-arg ref="credentials"/>
    </bean>

    <bean id="httpClientParams" class="org.apache.commons.httpclient.params.HttpClientParams">
        <property name="authenticationPreemptive" value="true"/>
        <property name="connectionManagerClass"
                  value="org.apache.commons.httpclient.MultiThreadedHttpConnectionManager"/>
    </bean>
    <bean id="httpClient" class="org.apache.commons.httpclient.HttpClient">
        <constructor-arg ref="httpClientParams"/>
    </bean>
    <bean id="credentials" class="org.apache.commons.httpclient.UsernamePasswordCredentials">
        <constructor-arg><value>${webservice.username}</value></constructor-arg>
        <constructor-arg><value>${webservice.password}</value></constructor-arg>
    </bean>
    <bean id="httpClientFactory" class="org.springframework.http.client.CommonsClientHttpRequestFactory">
        <constructor-arg ref="httpClient"/>
    </bean>

    <bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
        <constructor-arg ref="httpClientFactory"/>

        <property name="messageConverters">
            <list>
                <bean class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
                </bean>
            </list>
        </property>
    </bean>

    <bean id="jaxbMarshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
        <property name="classesToBeBound">
            <list>
                <value>your classes</value>
            </list>
        </property>
    </bean>

客户端.java

public class Client {

    private final RestTemplate restTemplate;
    private final Credentials credentials;


    public Client(RestTemplate restTemplate, Credentials credentials) {
        this.restTemplate = restTemplate;
        this.credentials = credentials;
        CommonsClientHttpRequestFactory factory = (CommonsClientHttpRequestFactory) restTemplate.getRequestFactory();
        HttpClient client = factory.getHttpClient();
        client.getState().setCredentials(AuthScope.ANY, this.credentials);
    }
    //consuming websevice
    public <yourObject> get(String url)
    {
      return restTemplate.getForObject(url, <yourObject>.class);
    }

}

干杯。

于 2013-08-28T07:34:33.487 回答