1
這是交易。我必須僅使用應用程序用戶的用戶名進行單一身份驗證,並且必須使用angular,spring和mysql。目前,我有收到一封電子郵件(用戶名)一個REST POST服務,我要檢查,如果該用戶在用戶表存在於數據庫中,我有迴應該JSON結構:使用Spring安全性3以REST身份驗證用戶只能使用用戶名
{"response":{"loggedIn":"true"}} or {"response":{"loggedIn":"false"}}
我發現一個例子使用http-basic春季安全認證和工作正常,問題是這種方法不適用於我,因爲該方法需要和用戶名和密碼,但只有我需要一個用戶名,並檢查該用戶是否在數據庫上。
我的問題是如何使用我的REST服務和只有用戶名字段的單一身份驗證使用spring security進行身份驗證?
這是我的春天的context.xml
<security:http pattern="/login" security="none">
</security:http>
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_REST" />
<security:http-basic />
<security:logout logout-url="/logout" logout-success-url="/" invalidate-session="true" delete-cookies="true" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="watUserDetailService">
<security:password-encoder hash="md5" />
</security:authentication-provider>
</security:authentication-manager>
這是我的休息控制器:
@Controller
public class UserController {
@Autowired
ILoginService loginService;
@RequestMapping(value = "/login", method = RequestMethod.POST, produces = "application/json", consumes = "application/json")
public @ResponseBody IResponse login(@RequestBody @Valid LoginForm form, BindingResult result) {
IResponse loginReponse = null;
if (result.hasErrors()) {
ResponseError errorReponse = new ResponseError();
errorReponse.getError().put("key", KeyConstants.NOT_VALID_EMAIL_ERROR_KEY);
loginReponse = errorReponse;
} else {
Response response = new Response();
User loggedUser = null;
try {
loggedUser = loginService.login(form.getEmail());
if (loggedUser != null) {
response.getResponse().put("loggedIn", Boolean.TRUE.toString());
}
loginReponse = response;
} catch (ServiceException e) {
response.getResponse().put("loggedIn", Boolean.FALSE.toString());
loginReponse = response;
}
}
return loginReponse;
}
}
感謝,爲你有益的幫助,爲我的英語很抱歉。