使用 Spring Security、Jersey 和 AngularJS 验证表单
Posted
技术标签:
【中文标题】使用 Spring Security、Jersey 和 AngularJS 验证表单【英文标题】:Authenticate a form using Spring Security, Jersey and AngularJS 【发布时间】:2017-04-26 02:28:18 【问题描述】:我正在尝试使用 spring security 3.2.6 来验证我的 Web 应用程序中使用 AngularJS 1.5.9 和 Jersey(执行 Rest 服务)的表单。
这是我的登录表单:
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>MongoGlass | Login</title>
<style>
body
padding-top: 20px;
.error
color: red;
</style>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<form accept-charset="UTF-8" role="form" name="loginForm"
novalidate>
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="Username"
name="username" type="text" ng-model="login.username" required>
<span ng-class="'error': loginForm.username.$error.required"
ng-show="loginForm.username.$error.required && loginForm.$submitted">Insert your username</span>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password"
name="password" type="password" ng-model="login.password"
required>
<span ng-class="'error': loginForm.password.$error.required"
ng-show="loginForm.password.$error.required && loginForm.$submitted">Campo
obbligatorio</span>
</div>
<input class="btn btn-lg btn-success btn-block" type="submit"
value="Login" ng-click="loginForm.$valid && submit(login)">
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
当表单被提交时,在相应的AngularJS控制器中调用sumbit(credentials)
函数:
var myApp = angular.module('LoginModule', []);
myApp.controller('LoginController', ['$scope','$http', function($scope, $http)
$scope.submit = function(credential)
var name = credential.username;
var password = credential.password;
var login =
"name":name,
"password":password
$http(
method : 'POST',
url : "/mongoglass-rest/rest/login/authenticate",
headers :
'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
,
data : login
)
.success(function(response,status)
);
])
这样,submit
函数调用 /rest/login/authenticate
,这是我的登录表单正在使用 spring-security 处理的地方:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config />
<context:component-scan base-package="it.project.mongoglass.rest" />
<beans:bean id="mySuccessHandler" class="it.project.mongoglass.rest.spring.security.RestSuccessHandler">
<beans:property name="defaultTargetUrl" value="/rest/login/authenticate"></beans:property>
</beans:bean>
<security:http
realm="Protected API"
use-expressions="true"
auto-config="false"
create-session="stateless"
entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"
authentication-manager-ref="authenticationManager">
<security:form-login login-processing-url="/rest/login/authenticate"
username-parameter="username" password-parameter="password"
authentication-success-handler-ref="mySuccessHandler"></security:form-login>
<security:intercept-url pattern="/rest/login/**" access="permitAll" />
</security:http>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="daoAuthenticationProvider"/>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="daoUserDetailsService"/>
<beans:property name="passwordEncoder" ref="shaPasswordEncoder"/>
</beans:bean>
<beans:bean id="daoUserDetailsService" class="it.project.mongoglass.rest.spring.service.impl.UserDetailsServiceImpl" />
<beans:bean id="shaPasswordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg value="256"/>
</beans:bean>
</beans:beans>
这不起作用,当我提交表单时,我得到一个 404。
【问题讨论】:
【参考方案1】:$http(
...
url : "/mongoglass-rest/rest/login/authenticate",
...
过滤器中的 url 不同。
login-processing-url="/rest/login/authenticate"
【讨论】:
以上是关于使用 Spring Security、Jersey 和 AngularJS 验证表单的主要内容,如果未能解决你的问题,请参考以下文章
Java:使用带有 Spring Security 的 Jersey Jax-RS 进行用户身份验证
jersey 2.2 和 Spring Security 3 依赖项?
使用 Spring Security 和 Jersey Restful Web 服务进行登录身份验证
Spring boot、jwt、jersey、spring security和CORS问题