我们有一个使用 Java、Spring 3.2.x 和 hibernate 开发的 web 应用程序。
通过将 Web 应用程序同时作为服务器来实现 RESTful 服务。(应用程序既是 Web 应用程序,又是提供 REST 服务的服务器)。
每当我使用 http 请求从服务器获取数据时,我需要登录到 webapp 吗?这就是我现在的问题。在我登录之前,我无法获得详细信息。我需要某种方式绕过此登录。有什么建议吗?提前致谢!如果您需要更多详细信息,请告诉我!
web.xml 的 servlet 部分
<!--
  Spring MVC front controller. A single DispatcherServlet named "test" is
  created at startup and handles both the *.do extension mapping and the
  default ("/") mapping.

  NOTE(review): because of the "/" mapping, any path not claimed by another
  servlet reaches Spring MVC, so access control depends entirely on the
  Spring Security filter chain being registered for those paths. The filter
  declaration is not part of this fragment; confirm it covers the same URLs.
-->
<servlet>
    <servlet-name>test</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>

<!-- Extension mapping: requests ending in .do -->
<servlet-mapping>
    <servlet-name>test</servlet-name>
    <url-pattern>*.do</url-pattern>
</servlet-mapping>

<!-- Default mapping: everything no other servlet mapping matches -->
<servlet-mapping>
    <servlet-name>test</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
对于 webapp 中的安全性,使用 spring security。
以下是我的 security.xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration for the web application.

  Layout: a list of URL patterns that are excluded from security altogether,
  followed by one protected http element (form login plus HTTP Basic) whose
  rules all require ROLE_ADMIN, and finally the authentication manager wiring.
  The http elements are matched in document order, so the exclusions must
  stay above the protected chain.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <import resource="classpath:spring-authentication.xml"/>

    <!--
      Unsecured paths. security="none" removes every Spring Security filter
      from matching requests: no authentication, no authorization and no
      security context for the handler.
    -->
    <security:http pattern="/" security="none"/>
    <security:http pattern="/login.*" security="none"/>
    <security:http pattern="/forgotpassword.*" security="none"/>
    <security:http pattern="/img/**" security="none"/>
    <security:http pattern="/css/**" security="none"/>
    <!--
      NOTE(review): unlike the static-resource entries above, /ws/** looks
      like a web-service path. With security="none" anything the
      DispatcherServlet serves below /ws/ is reachable by unauthenticated
      callers. What is mapped there is not visible in this file; if it
      returns non-public data, protect it with its own authenticated http
      element rather than excluding it from security.
    -->
    <security:http pattern="/ws/**" security="none"/>

    <!--
      Protected chain for everything else. intercept-url rules are evaluated
      top to bottom and the first match wins. Every rule currently requires
      ROLE_ADMIN, so the explicit entries and the catch-all grant the same
      access; their order only starts to matter if one of them is given a
      different access value.
    -->
    <security:http realm="myrealm">
        <security:intercept-url pattern="/*jsp" access="ROLE_ADMIN"/>

        <!-- Specific .do pages; keep these above the "/*do" wildcard below. -->
        <security:intercept-url pattern="/welcome.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/MyProfile.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/User.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/UserSearch.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/UserList.do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/PasswordReset.do" access="ROLE_ADMIN"/>

        <!-- Wildcards by extension and by directory. -->
        <security:intercept-url pattern="/*do" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/*csv" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/*pdf" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/ui/**" access="ROLE_ADMIN"/>
        <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>

        <!-- Catch-all: deny public access to anything the preceding rules missed. -->
        <security:intercept-url pattern="/**" access="ROLE_ADMIN"/>

        <!-- Browser login: always land on the welcome page after success. -->
        <security:form-login login-page="/login.do"
                             default-target-url="/welcome.do"
                             always-use-default-target="true"
                             authentication-failure-url="/login.do?login_error=1"/>
        <security:logout logout-success-url="/login.do"/>

        <!--
          HTTP Basic is enabled next to form login, so a non-browser client
          that sends Basic credentials with each request can be authenticated
          without visiting the login page.
          NOTE(review): no requires-channel is set on any rule in this file,
          so nothing here forces those credentials onto HTTPS; confirm that
          transport security is enforced elsewhere.
        -->
        <security:http-basic/>
        <security:anonymous/>
    </security:http>

    <!-- Application-specific provider; its implementation is not shown here. -->
    <bean id="authProvider" class="security.AuthenticationProvider"/>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="authProvider"/>
    </security:authentication-manager>

</beans>