basic authentication - Spring Security not working over RestServices -
i have restcontroller working , want learn how enable basic auth spring security.
i've created class extends websecurityconfigureradapter , understand, should enough. sadly can call resources without providing credentials.
here code:
configurer adapter
package es.ieci.test.security; import org.springframework.context.annotation.bean; import org.springframework.context.annotation.configuration; import org.springframework.security.config.annotation.web.builders.httpsecurity; import org.springframework.security.config.annotation.web.configuration.enablewebsecurity; import org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter; import org.springframework.security.config.http.sessioncreationpolicy; @configuration @enablewebsecurity public class securityconfiguration extends websecurityconfigureradapter { public static final string realm = "test_realm"; @override protected void configure(httpsecurity http) throws exception{ http .csrf().disable() .authorizerequests().antmatchers("/services/**").hasrole("admin").and() .httpbasic().realmname(realm).authenticationentrypoint(getbasicauthentrypoint()).and() .sessionmanagement().sessioncreationpolicy(sessioncreationpolicy.stateless); } @bean public custombasicauthenticationentrypoint getbasicauthentrypoint(){ return new custombasicauthenticationentrypoint(); } }
spring config file
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> <mvc:annotation-driven /> <context:component-scan base-package="es.ieci.test.security, es.ieci.test.controller, es.ieci.test.services, es.ieci.test.utils" /> </beans>
web.xml
<?xml version="1.0" encoding="utf-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="webapp_id" version="2.5"> <display-name>testrestspring</display-name> <servlet> <servlet-name>springrest</servlet-name> <servlet-class>org.springframework.web.servlet.dispatcherservlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springrest</servlet-name> <url-pattern>/services/*</url-pattern> </servlet-mapping> </web-app>
and pom file
<dependencies> <dependency> <groupid>javax.servlet</groupid> <artifactid>javax.servlet-api</artifactid> <version>3.1.0</version> </dependency> <dependency> <groupid>org.springframework.security</groupid> <artifactid>spring-security-config</artifactid> <version>4.2.0.release</version> </dependency> <dependency> <groupid>org.springframework.security</groupid> <artifactid>spring-security-web</artifactid> <version>4.2.0.release</version> </dependency> <dependency> <groupid>org.springframework</groupid> <artifactid>spring-core</artifactid> <version>4.3.3.release</version> </dependency> <dependency> <groupid>org.springframework</groupid> <artifactid>spring-webmvc</artifactid> <version>4.3.3.release</version> </dependency> <dependency> <groupid>com.fasterxml.jackson.core</groupid> <artifactid>jackson-databind</artifactid> <version>2.4.1</version> </dependency> <dependency> <groupid>org.apache.logging.log4j</groupid> <artifactid>log4j-core</artifactid> <version>2.7</version> </dependency> <dependency> <groupid>org.apache.logging.log4j</groupid> <artifactid>log4j-web</artifactid> <version>2.7</version> <scope>runtime</scope> </dependency> <dependency> <groupid>org.apache.logging.log4j</groupid> <artifactid>log4j-slf4j-impl</artifactid> <version>2.7</version> </dependency> <dependency> <groupid>junit</groupid> <artifactid>junit</artifactid> <version>4.11</version> <scope>test</scope> </dependency> </dependencies>
i'm using tomcat v6.0m , server logs looks good:
nov 17, 2016 2:00:32 pm org.springframework.security.web.defaultsecurityfilterchain informaciÓn: creating filter chain: org.springframework.security.web.util.matcher.anyrequestmatcher@1, [org.springframework.security.web.context.request.async.webasyncmanagerintegrationfilter@f671723, org.springframework.security.web.context.securitycontextpersistencefilter@2b8af779, org.springframework.security.web.header.headerwriterfilter@49d0b86, org.springframework.security.web.authentication.logout.logoutfilter@6f7b847c, org.springframework.security.web.authentication.www.basicauthenticationfilter@3b022cae, org.springframework.security.web.savedrequest.requestcacheawarefilter@1eebd4a2, org.springframework.security.web.servletapi.securitycontextholderawarerequestfilter@4cb106be, org.springframework.security.web.authentication.anonymousauthenticationfilter@392002bb, org.springframework.security.web.session.sessionmanagementfilter@e13b2fb, org.springframework.security.web.access.exceptiontranslationfilter@6b4187ba, org.springframework.security.web.access.intercept.filtersecurityinterceptor@241377b6]
but if call
http://localhost:8383/testrestspring/services/echo
without providing user credentials server response 200 instead of expected auth error
i've been able 401 code adding filter web.xml
<filter> <filter-name>springsecurityfilterchain</filter-name> <filter-class>org.springframework.web.filter.delegatingfilterproxy</filter-class> </filter> <filter-mapping> <filter-name>springsecurityfilterchain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
but i'm not sure if right way.
Comments
Post a Comment