Spring Security 401 - 使用 / Angularjs 调用 restful 服务

Posted

技术标签:

【中文标题】Spring Security 401 - 使用 / Angularjs 调用 restful 服务【英文标题】:Spiring Security 401 - Invoking restful services w/ Angularjs 【发布时间】:2014-03-22 22:24:23 【问题描述】:

我对 Spring Security 有疑问。我已经完成了与我的用户的身份验证过程,但是当我通过 angularjs 调用 restful 服务时出现错误 401。

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans   
                        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd      
                        http://www.springframework.org/schema/security    
                        http://www.springframework.org/schema/security/spring-security-3.1.xsd        
                        http://www.springframework.org/schema/context         
                        http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <context:component-scan base-package="it.xxx.yyy.service.security" scoped-proxy="interfaces" />

    <http realm="Protected API"
            use-expressions="true"
            auto-config="false"
            create-session="stateless"
            entry-point-ref="unauthorizedEntryPoint"
            authentication-manager-ref="authenticationManager">
        <custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />    
        <intercept-url pattern="/" access="permitAll"/>
        <intercept-url pattern="/static/**" access="permitAll"/>
        <intercept-url pattern="/rest/" access="permitAll"/>
        <intercept-url pattern="/rest/secure/**" access="isAuthenticated()" />
        <intercept-url pattern="/secure/**" access="isAuthenticated()"/>
        <remember-me key="YYY2RMKey" user-service-ref="CustomUserDetailsService"/> 
    </http>
    <authentication-manager id="authenticationManager">
        <authentication-provider user-service-ref="CustomUserDetailsService">
            <password-encoder hash="sha"/>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

有什么想法吗?

【问题讨论】:

【参考方案1】:

也许解决办法就是这样解释方法

<intercept-url method="GET" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="PUT" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="POST" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="DELETE" pattern="/rest/secure/**" access="isAuthenticated()" />

【讨论】:

以上是关于Spring Security 401 - 使用 / Angularjs 调用 restful 服务的主要内容,如果未能解决你的问题,请参考以下文章

Spring Security 401 - 使用 / Angularjs 调用 restful 服务

Spring Security 测试返回 401(未经授权)

grails spring security rest /api/login 401 Unauthorized

Spring Security OAuth2 SSO 未经授权的 401 错误

如何处理 spring security + angular 中的 401 错误?

Grails 3 和 Spring Security:当用户未登录时返回 401