0
我嘗試在後端實現Spring Security,並在前端Web應用程序上使用Angularjs一起工作。但是,當我嘗試通過/用戶的方法我得到了驗證用戶:使用Spring安全主體對象進行身份驗證時Spring RestController的IllegalArgumentException
java.lang.IllegalArgumentException: No converter found for return value of type: class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
at org.springframework.util.Assert.isTrue(Assert.java:68) ...
anglarjs驗證功能:
var authenticate = function(credentials, callback) {
var headers = credentials ? {authorization : "Basic "
+ btoa(credentials.username + ":" + credentials.password)
} : {};
console.log("header",headers);
$http.get('user', {headers : headers}).success(function(data) {
if (data.name) {
$rootScope.authenticated = true;
} else {
$rootScope.authenticated = false;
}
callback && callback();
}).error(function() {
$rootScope.authenticated = false;
callback && callback();
});
}
彈簧安置控制器:
@RestController
public class RestApiController {
@RequestMapping("/user")
public Principal user(Principal user) {
return user;
}
...
安全配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/index.jsp", "/resources/**","/").permitAll()
.anyRequest().authenticated().and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
.csrf().csrfTokenRepository(csrfTokenRepository());;
}
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setHeaderName("X-XSRF-TOKEN");
return repository;
}
}