Spring Security REST授權

Question

我厭倦瞭如何通過Spring Security REST json來登錄。我寫的Android後端/ iOS.Here是我security.xml文件：

<http use-expressions="true" create-session="stateless" entry-point-ref="restAuthenticationEntryPoint">   
     <intercept-url pattern="/auth/**" access="permitAll" /> 
     <intercept-url pattern="/**" access="isAuthenticated()" />  
     <custom-filter ref="myFilter" position="FORM_LOGIN_FILTER"/> 
     <logout />    
    </http> 

    <beans:bean id="myFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
      <beans:property name="authenticationManager" ref="authenticationManager"/> 
      <beans:property name="authenticationSuccessHandler" ref="mySuccessHandler"/> 
    </beans:bean> 
    <beans:bean id="mySuccessHandler" class="com.teamodc.jee.webmail.security.MySavedRequestAwareAuthenticationSuccessHandler"/> 


    <authentication-manager alias="authenticationManager"> 
     <authentication-provider user-service-ref="userDetailsService" /> 
     <authentication-provider ref="authenticationProvider" /> 
    </authentication-manager> 

    <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> 
     <beans:property name="userDetailsService" ref="userDetailsService"/> 
    </beans:bean> 

這是我AuthenticationController：

@Controller 
@RequestMapping(value = "/auth") 
public class AuthorizationController { 

    @Autowired 
    @Qualifier(value = "authenticationManager") 
    AuthenticationManager authenticationManager; 

    private SimpleGrantedAuthority anonymousRole = new SimpleGrantedAuthority("ROLE_ANONYMOUS"); 

    @RequestMapping(value = "/login", method = RequestMethod.POST, headers = {"Accept=application/json"}) 
    @ResponseBody 
    public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) { 
     Map<String, String> response = new HashMap<String, String>(); 


      UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password); 

      try { 
       Authentication auth = authenticationManager.authenticate(token); 
       SecurityContextHolder.getContext().setAuthentication(auth); 

       response.put("status", "true");    
       return response; 
      } catch (BadCredentialsException ex) { 
       System.out.println("Login 3"); 
       response.put("status", "false"); 
       response.put("error", "Bad credentials"); 
       return response; 
      } 
     } 

最後，我的web.xml：

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/spring/appServlet/servlet-context.xml 
    </param-value> 
</context-param> 

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

<servlet> 
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <init-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>/WEB-INF/spring/appServlet/dispatcher.xml</param-value> 
    </init-param> 
    <load-on-startup>1</load-on-startup> 
</servlet> 

<servlet-mapping> 
    <servlet-name>Spring MVC Dispatcher Servlet</servlet-name> 
    <url-pattern>/</url-pattern> 
</servlet-mapping> 

<filter> 
    <filter-name>charsetFilter</filter-name> 
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 
    <init-param> 
     <param-name>encoding</param-name> 
     <param-value>UTF-8</param-value> 
    </init-param> 
    <init-param> 
     <param-name>forceEncoding</param-name> 
     <param-value>true</param-value> 
    </init-param> 
</filter> 

<filter-mapping> 
    <filter-name>charsetFilter</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

我已經從Firefox休息客戶端進行了測試，但是當我設置的URL是bla/user/1然後它花了我401（這是正確的），但是當URL是bla/auth /登錄它花了我404，並且返回WARN [org.springframework.web.servlet.PageNotFound] - 但是當我在@Controller中標記路徑時可能如何？

Answer 1

您的login()方法似乎映射到/auth/auth/login。方法級別@RequestMapping註釋中給出的路徑與類級別註釋相關。

嘗試將方法級別註釋更改爲@RequestMapping(value = "/login"...。

編輯：
如果這僅僅是一個錯字，你仍然有處理程序映射的問題，然後確保你在你的Spring上下文中的相應說明：爲了

1. <context:component-scan base-package="package.for.controllers"/>到讓你的控制器實例化爲spring beans。
2. <mvc:annotation-driven/>爲了支持@RequestMapping帶註釋的控制器方法。有關更多信息，請參閱reference docs。

此外，請確保它們實際上處於相同的上下文中（通常在servlet上下文中）。