Ich versuche, Federsicherheit 3.2.6 zu verwenden, um ein Formular in meiner Webanwendung zu authentifizieren, die AngularJS 1.5.9 und Jersey (zum Ausführen von Restdiensten) verwendet.Authentifizieren Sie ein Formular mit Spring Security, Jersey und AngularJS
Dies ist mein Login-Formular:
var myApp = angular.module('LoginModule', []);
myApp.controller('LoginController', ['$scope','$http', function($scope, $http){
$scope.submit = function(credential) {
var name = credential.username;
var password = credential.password;
var login = {
"name":name,
"password":password
}
$http(
{
method : 'POST',
url : "/mongoglass-rest/rest/login/authenticate",
headers : {
'Content-Type' : 'application/x-www-form-urlencoded; charset=UTF-8'
},
data : login
})
.success(function(response,status) {
});
}
}])
Auf diese Weise wird die submit
Funktion aufruft /rest/login/authenticate
:
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>MongoGlass | Login</title>
<style>
body {
padding-top: 20px;
}
.error {
color: red;
}
</style>
</head>
<body>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">Please sign in</h3>
</div>
<div class="panel-body">
<form accept-charset="UTF-8" role="form" name="loginForm"
novalidate>
<fieldset>
<div class="form-group">
<input class="form-control" placeholder="Username"
name="username" type="text" ng-model="login.username" required>
<span ng-class="{'error': loginForm.username.$error.required}"
ng-show="loginForm.username.$error.required && loginForm.$submitted">Insert your username</span>
</div>
<div class="form-group">
<input class="form-control" placeholder="Password"
name="password" type="password" ng-model="login.password"
required>
<span ng-class="{'error': loginForm.password.$error.required}"
ng-show="loginForm.password.$error.required && loginForm.$submitted">Campo
obbligatorio</span>
</div>
<input class="btn btn-lg btn-success btn-block" type="submit"
value="Login" ng-click="loginForm.$valid && submit(login)">
</fieldset>
</form>
</div>
</div>
</div>
</div>
</div>
</body>
</html>
Wenn das Formular sumbitted wird, ist es sumbit(credentials)
Funktion in der entsprechenden AngularJS Controller genannt dort bearbeitet mein Login-Formular mit Federsicherheit:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config />
<context:component-scan base-package="it.project.mongoglass.rest" />
<beans:bean id="mySuccessHandler" class="it.project.mongoglass.rest.spring.security.RestSuccessHandler">
<beans:property name="defaultTargetUrl" value="/rest/login/authenticate"></beans:property>
</beans:bean>
<security:http
realm="Protected API"
use-expressions="true"
auto-config="false"
create-session="stateless"
entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"
authentication-manager-ref="authenticationManager">
<security:form-login login-processing-url="/rest/login/authenticate"
username-parameter="username" password-parameter="password"
authentication-success-handler-ref="mySuccessHandler"></security:form-login>
<security:intercept-url pattern="/rest/login/**" access="permitAll" />
</security:http>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="daoAuthenticationProvider"/>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="daoUserDetailsService"/>
<beans:property name="passwordEncoder" ref="shaPasswordEncoder"/>
</beans:bean>
<beans:bean id="daoUserDetailsService" class="it.project.mongoglass.rest.spring.service.impl.UserDetailsServiceImpl" />
<beans:bean id="shaPasswordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<beans:constructor-arg value="256"/>
</beans:bean>
</beans:beans>
Dies funktioniert nicht, und wenn ich meine Form einreichen ich eine 404.