使用 Spring Security、Jersey 和 AngularJS 验证表单

Posted

技术标签:

【中文标题】使用 Spring Security、Jersey 和 AngularJS 验证表单【英文标题】:Authenticate a form using Spring Security, Jersey and AngularJS 【发布时间】:2017-04-26 02:28:18 【问题描述】:

我正在尝试使用 spring security 3.2.6 来验证我的 Web 应用程序中使用 AngularJS 1.5.9 和 Jersey(执行 Rest 服务)的表单。

这是我的登录表单:

<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>MongoGlass | Login</title>

<style>
body 
    padding-top: 20px;


.error 
    color: red;

</style>

</head>
<body>
    <div class="container">
        <div class="row">
            <div class="col-md-4 col-md-offset-4">
                <div class="panel panel-default">
                    <div class="panel-heading">
                        <h3 class="panel-title">Please sign in</h3>
                    </div>
                    <div class="panel-body">
                        <form accept-charset="UTF-8" role="form" name="loginForm"
                            novalidate>
                            <fieldset>
                                <div class="form-group">
                                    <input class="form-control" placeholder="Username"
                                        name="username" type="text" ng-model="login.username" required>
                                    <span ng-class="'error': loginForm.username.$error.required"
                                        ng-show="loginForm.username.$error.required && loginForm.$submitted">Insert your username</span>
                                </div>
                                <div class="form-group">
                                    <input class="form-control" placeholder="Password"
                                        name="password" type="password" ng-model="login.password"
                                        required>
                                    <span ng-class="'error': loginForm.password.$error.required"
                                    ng-show="loginForm.password.$error.required && loginForm.$submitted">Campo
                                    obbligatorio</span>     
                                </div>
                                <input class="btn btn-lg btn-success btn-block" type="submit" 
                                value="Login" ng-click="loginForm.$valid && submit(login)">
                            </fieldset>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
</body>
</html>

当表单被提交时,在相应的AngularJS控制器中调用sumbit(credentials)函数:

var myApp = angular.module('LoginModule', []);

myApp.controller('LoginController', ['$scope','$http', function($scope, $http)

    $scope.submit = function(credential) 

        var name = credential.username;
        var password = credential.password;

        var login = 
                "name":name,
                "password":password
        
        $http(
                
                    method : 'POST',
                    url : "/mongoglass-rest/rest/login/authenticate",
                    headers : 
                        'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
                    ,
                    data : login 
                )
                .success(function(response,status) 
                ); 
    
])

这样,submit 函数调用 /rest/login/authenticate,这是我的登录表单正在使用 spring-security 处理的地方:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context.xsd">

    <context:annotation-config />
    <context:component-scan base-package="it.project.mongoglass.rest" />

    <beans:bean id="mySuccessHandler" class="it.project.mongoglass.rest.spring.security.RestSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/rest/login/authenticate"></beans:property>
    </beans:bean>

    <security:http 
        realm="Protected API"
        use-expressions="true"
        auto-config="false"
        create-session="stateless"
        entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"
        authentication-manager-ref="authenticationManager">
        <security:form-login login-processing-url="/rest/login/authenticate" 
                             username-parameter="username" password-parameter="password"
                             authentication-success-handler-ref="mySuccessHandler"></security:form-login>
        <security:intercept-url pattern="/rest/login/**" access="permitAll" />
    </security:http>

    <beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
        <beans:property name="providers">
            <beans:list>
                <beans:ref bean="daoAuthenticationProvider"/>
            </beans:list>
        </beans:property>
    </beans:bean>

    <beans:bean id="daoAuthenticationProvider" 
                class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
      <beans:property name="userDetailsService" ref="daoUserDetailsService"/>
      <beans:property name="passwordEncoder" ref="shaPasswordEncoder"/>
    </beans:bean>

    <beans:bean id="daoUserDetailsService" class="it.project.mongoglass.rest.spring.service.impl.UserDetailsServiceImpl" />

    <beans:bean id="shaPasswordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <beans:constructor-arg value="256"/>
    </beans:bean>

</beans:beans>

这不起作用,当我提交表单时,我得到一个 404。

【问题讨论】:

【参考方案1】: 
$http(
      ...
       url : "/mongoglass-rest/rest/login/authenticate",
       ...

过滤器中的 url 不同。

login-processing-url="/rest/login/authenticate"

【讨论】:

以上是关于使用 Spring Security、Jersey 和 AngularJS 验证表单的主要内容,如果未能解决你的问题,请参考以下文章

Java:使用带有 Spring Security 的 Jersey Jax-RS 进行用户身份验证

jersey 2.2 和 Spring Security 3 依赖项?

使用 Spring Security 和 Jersey Restful Web 服务进行登录身份验证

Spring boot、jwt、jersey、spring security和CORS问题

带有 Jersey 和 Spring Security OAuth2 的 Spring Boot

Pdf下载使用java jersey和spring security在给出邮递员的请求时给出错误