【发布时间】:2014-05-26 01:49:03
【问题描述】:
如何使用基于 cookie 的身份验证为 restful api 设置 spring-security?
目前我正在尝试确保一个请求有一个带有 sessionId 的 cookie,我会针对 redis 进行验证。
我尝试将这两个示例合并在一起:
http://sleeplessinslc.blogspot.com/2012/02/spring-security-stateless-cookie-based.html
https://spring.io/guides/tutorials/rest/5/
通过将两者结合起来,我实际上是在实现 cookie 过滤器、身份验证和 SecurityContext,然后像这样连接过滤器。
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
//have to use Autowired here, no other way to reference Bean
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilter(cookieAuthenticationFilter()).authorizeRequests().antMatchers("*/**").hasAnyAuthority("ALLOW");
}
/**
* The FilterProxyChain with the set of filters to apply.
*
* @return The FilterProxyChain
*/
@Bean(name = "springSecurityFilterChain")
public FilterChainProxy getFilterChainProxy() {
SecurityFilterChain chain = new SecurityFilterChain() {
@Override
public boolean matches(HttpServletRequest request) {
// All goes through here
return true;
}
@Override
public List<Filter> getFilters() {
List<Filter> filters = new ArrayList<Filter>();
filters.add(cookieAuthenticationFilter());
return filters;
}
};
return new FilterChainProxy(chain);
}
@Bean
public CookieAuthenticationFilter cookieAuthenticationFilter() {
return new CookieAuthenticationFilter(redisTemplate());
}
@Bean
public JedisConnectionFactory redisConnectionFactory(){
JedisConnectionFactory jedisConnectionFactory = new JedisConnectionFactory();
jedisConnectionFactory.setUsePool(true);
jedisConnectionFactory.setHostName("localhost");//TODO: CHANGE TO CONFIG
return jedisConnectionFactory;
}
@Bean
public RedisTemplate redisTemplate(){
RedisTemplate redisTemplate = new RedisTemplate();
redisTemplate.setConnectionFactory(redisConnectionFactory());
return redisTemplate;
}
}
【问题讨论】:
标签: java spring spring-mvc spring-security spring-data