Spring MVC 3.1 中的基本身份验证
Posted
技术标签:
【中文标题】Spring MVC 3.1 中的基本身份验证【英文标题】:Basic Authentication in Spring MVC 3.1 【发布时间】:2012-10-05 05:07:34 【问题描述】:我正在尝试使用 Spring MVC 3.1 和 REST API 开发示例应用程序。
在进入应用程序之前,有一个登录表单来验证用户身份。我想使用 REST API 使用用户在登录表单中提供的凭据(用户名和密码)进行基本身份验证。
我的问题是我不知道如何使用 REST API 进行基本身份验证。
我进行了很多搜索,但没有得到任何正确的教程,我可以从中解决我的错误。
请任何人指导我或告诉我任何好的文章?
现在我正在学习以下教程 http://www.jpalace.org/docs/technotes/spring/rest-security.html 但出现空指针异常。
RestClient.java
import org.springframework.web.client.RestTemplate;
public class RestClient
RestTemplate restTemplate = new RestTemplate();
static final String URL = "http://www.assembla.com/spaces/my_spaces";
static final String username = "aaaaa";
static final String password = "aaaaa";
public RestClient()
BasicSecureSimpleClientHttpRequestFactory requestFactory = new BasicSecureSimpleClientHttpRequestFactory();
requestFactory.setCredentialsProvider(new SimpleCredentialsProvider(
new Credentials(username, password)));
restTemplate.setRequestFactory(requestFactory);
public void exec()
System.out.println("restTemplate :::::::::::::::::: " + restTemplate);
String response = restTemplate.getForObject(URL, String.class);
System.out.println("Response:::::::::::::: " + response);
BasicSecureSimpleClientHttpRequestFactory.java
import java.net.HttpURLConnection;
import sun.misc.BASE64Encoder;
public class BasicSecureSimpleClientHttpRequestFactory extends
SecureSimpleClientHttpRequestFactory
public BasicSecureSimpleClientHttpRequestFactory()
protected void prepareSecureConnection(HttpURLConnection connection)
if (credentialsProvider == null)
return;
Credentials credentials = credentialsProvider.getCredentials(null);
String token = credentials.getUsername() + ":"
+ credentials.getPassword();
BASE64Encoder enc = new sun.misc.BASE64Encoder();
String encodedAuthorization = enc.encode(token.getBytes());
connection.setRequestProperty("Authorization", "Basic "
+ encodedAuthorization);
SecureSimpleClientHttpRequestFactory .java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URI;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
abstract public class SecureSimpleClientHttpRequestFactory extends
SimpleClientHttpRequestFactory
protected CredentialsProvider credentialsProvider;
public SecureSimpleClientHttpRequestFactory()
public CredentialsProvider getCredentialsProvider()
return credentialsProvider;
public void setCredentialsProvider(CredentialsProvider credentialsProvider)
this.credentialsProvider = credentialsProvider;
@Override
public ClientHttpRequest createRequest(URI uri, HttpMethod httpMethod)
throws IOException
HttpURLConnection connection = openConnection(uri.toURL(), null);
prepareConnection(connection, httpMethod.name());
prepareSecureConnection(connection);
return new SecureSimpleClientHttpRequest(connection);
abstract protected void prepareSecureConnection(HttpURLConnection connection);
SecureSimpleClientHttpRequest .java
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URI;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.http.client.ClientHttpResponse;
public class SecureSimpleClientHttpRequest implements ClientHttpRequest
public SecureSimpleClientHttpRequest(HttpURLConnection connection)
// TODO Auto-generated constructor stub
@Override
public HttpMethod getMethod()
// TODO Auto-generated method stub
return null;
@Override
public URI getURI()
// TODO Auto-generated method stub
return null;
@Override
public HttpHeaders getHeaders()
// TODO Auto-generated method stub
return null;
@Override
public OutputStream getBody() throws IOException
// TODO Auto-generated method stub
return null;
@Override
public ClientHttpResponse execute() throws IOException
// TODO Auto-generated method stub
return null;
SimpleCredentialsProvider .java
public class SimpleCredentialsProvider implements CredentialsProvider
private Credentials credentials;
public SimpleCredentialsProvider(Credentials credentials)
super();
this.credentials = credentials;
@Override
public Credentials getCredentials(String str)
return credentials;
CredentialsProvider .java
public interface CredentialsProvider
public Credentials getCredentials(String str);
Credentials.java
public class Credentials
private String username;
private String password;
public Credentials(String username, String password)
super();
this.username = username;
this.password = password;
public String getUsername()
return username;
public void setUsername(String username)
this.username = username;
public String getPassword()
return password;
public void setPassword(String password)
this.password = password;
我收到以下错误:
2012 年 10 月 16 日下午 12:56:04 org.apache.catalina.core.StandardWrapperValve 调用 SEVERE: Servlet.service() for servlet spring 抛出异常 java.lang.NullPointerException 在 org.springframework.web.client.RestTemplate$AcceptHeaderRequestCallback.doWithRequest(RestTemplate.java:530) 在 org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:444) 在 org.springframework.web.client.RestTemplate.execute(RestTemplate.java:409) 在 org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:207)
【问题讨论】:
【参考方案1】:如果您已经在使用 Spring MVC,则一种方法是将其与 Spring Security 结合使用:http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity.html
由于它以各种方式支持基本身份验证: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html#ns-form-and-basic
还可以查看这篇文章,了解如何将它与 REST 一起使用: http://www.baeldung.com/2011/11/20/basic-and-digest-authentication-for-a-restful-service-with-spring-security-3-1/
【讨论】:
我正在尝试通过以下 URL "jpalace.org/docs/technotes/spring/rest-security.html" 提供帮助,但没有成功。以上是关于Spring MVC 3.1 中的基本身份验证的主要内容,如果未能解决你的问题,请参考以下文章
为每个端点 Spring MVC 指定不同的(基本)身份验证登录