java - Spring Security for REST -
I enabled Spring Security on my REST application, but requests are not getting authorized when using curl.
security.xml
<!-- NOTE(review): identifier casing on this page appears to have been lost in extraction. Spring Security's
     expression is spelled hasRole('ROLE_USER') and is case-sensitive, so the lowercase form shown here
     would not evaluate as written. -->
<!-- Unauthenticated requests are handed to the custom entry point bean referenced by entry-point-ref. -->
<sec:http use-expressions="true" entry-point-ref="restauthenticationentrypoint">
    <!-- Every URL under /rest/ requires the user role. -->
    <sec:intercept-url pattern="/rest/**" access="hasrole('role_user')" />
    <!-- Only form login is configured. No <sec:http-basic /> element is present, so an
         "Authorization: Basic" header (what curl's -u option sends) is not processed by this chain. -->
    <sec:form-login authentication-success-handler-ref="mysuccesshandler" />
    <sec:logout />
</sec:http>

<!-- Success handler used by form-login; the class itself is not shown on this page. -->
<beans:bean id="mysuccesshandler" class="net.himalay.security.mysavedrequestawareauthenticationsuccesshandler" />

<sec:authentication-manager alias="authenticationmanager">
    <sec:authentication-provider>
        <!-- In-memory users with plaintext passwords stored in the config file: suitable for a local demo
             only. A real deployment should use hashed credentials (a password encoder) and keep them out
             of version-controlled configuration. -->
        <sec:user-service>
            <!-- This account holds only the admin authority, so it does not satisfy the /rest/** rule above
                 unless a role hierarchy is configured elsewhere. -->
            <sec:user name="temporary" password="temporary" authorities="role_admin" />
            <sec:user name="user" password="userpass" authorities="role_user" />
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
customentrypoint
/**
 * Entry point invoked when an unauthenticated request reaches a protected resource.
 *
 * <p>It answers with HTTP 401 through {@code sendError}; nothing in this class issues a redirect,
 * which is what a REST client needs instead of a login page.
 *
 * <p>NOTE(review): identifier casing on this page appears to have been lost in extraction; the Spring
 * and Servlet types involved are {@code AuthenticationEntryPoint}, {@code HttpServletRequest},
 * {@code HttpServletResponse} and {@code AuthenticationException}.
 */
@component
public final class restauthenticationentrypoint implements authenticationentrypoint {

    private static final logger log = loggerfactory.getlogger(restauthenticationentrypoint.class);

    /**
     * Rejects the request with 401 and the message "unauthorized".
     *
     * @param request the request that triggered authentication (not read here)
     * @param response the response on which the 401 error is sent
     * @param authexception the failure that caused the entry point to run (not read here)
     * @throws ioexception if sending the error response fails
     */
    @override
    public void commence(final httpservletrequest request, final httpservletresponse response, final authenticationexception authexception) throws ioexception {
        // Logs a fixed marker only; no request details (path, remote address, cause) are recorded,
        // so this line alone is of limited use when investigating failed authentication attempts.
        log.info("---------restauthenticationentrypoint----------");
        // No WWW-Authenticate header is set, so the client is not told which scheme to retry with.
        response.senderror(httpservletresponse.sc_unauthorized, "unauthorized");
    }
}
controller
/**
 * REST controller mapped under "rest" that exposes user and to-do data from {@code multitenantservice}.
 *
 * <p>NOTE(review): the only access rule visible on this page is the role check on /rest/** in
 * security.xml. None of the handlers below compares the requested {@code id} with the authenticated
 * principal, so any caller holding the role could read another user's record unless the service
 * enforces ownership - confirm against the service implementation.
 */
@controller
@requestmapping("rest")
public class multitenantcontroller {

    // Injected service; its implementation is not shown on this page.
    @autowired
    private multitenantservice service;

    /**
     * Handles GET rest/user/{id} and returns the user the service finds for that id.
     *
     * @param id user id taken from the URL path
     * @return whatever {@code service.getuser(id)} returns
     */
    @requestmapping(value = "/user/{id}", method = requestmethod.get)
    @responsebody
    public user getuserinfo(@pathvariable long id) {
        return service.getuser(id);
    }

    /**
     * Handles GET rest/user and returns the full list from {@code service.getusers()}.
     *
     * @return all users the service reports, with no filtering done in this method
     */
    @requestmapping(value = "/user", method = requestmethod.get)
    @responsebody
    public list<user> getcustomers() {
        return service.getusers();
    }

    /**
     * Handles GET rest/user/{id}/todo and returns the to-do items of the user with that id.
     *
     * @param id user id taken from the URL path
     * @return the to-do items of the user returned by {@code getuserinfo(id)}
     */
    @requestmapping(value = "/user/{id}/todo", method = requestmethod.get)
    @responsebody
    public list<todoitem> gettransactions(@pathvariable long id) {
        // NOTE(review): 'headers' is assigned but never used in the visible code, and the helper is not
        // defined in the class as shown. Presumably it builds an Access-Control-Allow-Origin header; as
        // written it has no effect on the response - confirm the intended CORS policy.
        httpheaders headers = addaccesscontrollalloworigin();
        // A lookup that yields no user would make this dereference fail; not handled here.
        return getuserinfo(id).gettodoitems();
    }
}
# NOTE(review): the option placed right before -u expects a value (-X takes a request method, -x a
# proxy; the page text is lowercased, so the original was probably -X). curl therefore consumes "-u"
# as that value and treats "user:userpass" as a separate URL, which matches the reported failure to
# resolve host "user". No credentials reach the real URL, so the 401 is returned regardless of the
# server configuration. Dropping the stray option (curl -i -u user:userpass URL) sends an
# "Authorization: Basic" header. Basic credentials are only base64-encoded, so use https for anything
# beyond localhost.
$curl -i -x -u user:userpass http://localhost:8080/mt-rest/rest/user/1/todo
curl: (6) could not resolve host: user
http/1.1 401 unauthorized
server: apache-coyote/1.1
set-cookie: jsessionid=ada11c09484e658c38d8385caba0cfae; path=/mt-rest/; httponly
content-type: text/html;charset=utf-8
content-language: en
content-length: 975
date: fri, 31 jan 2014 17:14:45 gmt
After taking the security pattern out of security.xml, it works fine. What am I missing here?
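You have defined the form-login module. I believe you need to specify http-basic: form-login authenticates through a submitted login form and does not read the "Authorization: Basic" header that curl's -u option sends. Example: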
<!-- Place this inside the existing <sec:http> element so the filter chain reads the
     "Authorization: Basic" header. Basic credentials are only base64-encoded, not encrypted,
     so serve the API over HTTPS. -->
<sec:http-basic />