basic authentication - Spring Security not working over RestServices -


i have restcontroller working , want learn how enable basic auth spring security.

i've created class extends websecurityconfigureradapter , understand, should enough. sadly can call resources without providing credentials.

here code:

configurer adapter

package es.ieci.test.security;  import org.springframework.context.annotation.bean; import org.springframework.context.annotation.configuration; import org.springframework.security.config.annotation.web.builders.httpsecurity; import org.springframework.security.config.annotation.web.configuration.enablewebsecurity; import org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter; import org.springframework.security.config.http.sessioncreationpolicy;  @configuration @enablewebsecurity public class securityconfiguration extends websecurityconfigureradapter {      public static final string realm = "test_realm";      @override     protected void configure(httpsecurity http) throws exception{          http             .csrf().disable()             .authorizerequests().antmatchers("/services/**").hasrole("admin").and()             .httpbasic().realmname(realm).authenticationentrypoint(getbasicauthentrypoint()).and()             .sessionmanagement().sessioncreationpolicy(sessioncreationpolicy.stateless);      }      @bean     public custombasicauthenticationentrypoint getbasicauthentrypoint(){         return new custombasicauthenticationentrypoint();     }    } 

spring config file

<beans xmlns="http://www.springframework.org/schema/beans"     xmlns:context="http://www.springframework.org/schema/context"     xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xsi:schemalocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context            http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">      <mvc:annotation-driven />     <context:component-scan base-package="es.ieci.test.security, es.ieci.test.controller, es.ieci.test.services, es.ieci.test.utils" />              </beans>   

web.xml

<?xml version="1.0" encoding="utf-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"     xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"     xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"     id="webapp_id" version="2.5">     <display-name>testrestspring</display-name>       <servlet>         <servlet-name>springrest</servlet-name>         <servlet-class>org.springframework.web.servlet.dispatcherservlet</servlet-class>         <load-on-startup>1</load-on-startup>     </servlet>      <servlet-mapping>         <servlet-name>springrest</servlet-name>         <url-pattern>/services/*</url-pattern>     </servlet-mapping>        </web-app> 

and pom file

<dependencies>          <dependency>             <groupid>javax.servlet</groupid>             <artifactid>javax.servlet-api</artifactid>             <version>3.1.0</version>         </dependency>           <dependency>             <groupid>org.springframework.security</groupid>             <artifactid>spring-security-config</artifactid>             <version>4.2.0.release</version>         </dependency>         <dependency>             <groupid>org.springframework.security</groupid>             <artifactid>spring-security-web</artifactid>             <version>4.2.0.release</version>         </dependency>            <dependency>             <groupid>org.springframework</groupid>             <artifactid>spring-core</artifactid>             <version>4.3.3.release</version>         </dependency>         <dependency>             <groupid>org.springframework</groupid>             <artifactid>spring-webmvc</artifactid>             <version>4.3.3.release</version>         </dependency>         <dependency>             <groupid>com.fasterxml.jackson.core</groupid>             <artifactid>jackson-databind</artifactid>             <version>2.4.1</version>         </dependency>          <dependency>             <groupid>org.apache.logging.log4j</groupid>             <artifactid>log4j-core</artifactid>             <version>2.7</version>         </dependency>         <dependency>             <groupid>org.apache.logging.log4j</groupid>             <artifactid>log4j-web</artifactid>             <version>2.7</version>             <scope>runtime</scope>         </dependency>         <dependency>             <groupid>org.apache.logging.log4j</groupid>             <artifactid>log4j-slf4j-impl</artifactid>             <version>2.7</version>         </dependency>          <dependency>             <groupid>junit</groupid>             <artifactid>junit</artifactid>             <version>4.11</version>             <scope>test</scope>         </dependency>   </dependencies> 

i'm using tomcat v6.0m , server logs looks good:

nov 17, 2016 2:00:32 pm org.springframework.security.web.defaultsecurityfilterchain informaciÓn: creating filter chain: org.springframework.security.web.util.matcher.anyrequestmatcher@1, [org.springframework.security.web.context.request.async.webasyncmanagerintegrationfilter@f671723, org.springframework.security.web.context.securitycontextpersistencefilter@2b8af779, org.springframework.security.web.header.headerwriterfilter@49d0b86, org.springframework.security.web.authentication.logout.logoutfilter@6f7b847c, org.springframework.security.web.authentication.www.basicauthenticationfilter@3b022cae, org.springframework.security.web.savedrequest.requestcacheawarefilter@1eebd4a2, org.springframework.security.web.servletapi.securitycontextholderawarerequestfilter@4cb106be, org.springframework.security.web.authentication.anonymousauthenticationfilter@392002bb, org.springframework.security.web.session.sessionmanagementfilter@e13b2fb, org.springframework.security.web.access.exceptiontranslationfilter@6b4187ba, org.springframework.security.web.access.intercept.filtersecurityinterceptor@241377b6]

but if call

http://localhost:8383/testrestspring/services/echo

without providing user credentials server response 200 instead of expected auth error

i've been able 401 code adding filter web.xml

    <filter>         <filter-name>springsecurityfilterchain</filter-name>         <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class>     </filter>      <filter-mapping>         <filter-name>springsecurityfilterchain</filter-name>         <url-pattern>/*</url-pattern>     </filter-mapping> 

but i'm not sure if right way.


Comments

Popular posts from this blog

account - Script error login visual studio DefaultLogin_PCore.js -

xcode - CocoaPod Storyboard error: -