发表新帖
发表新帖

Spring Security, REST basic authentication issue

后端 未结
关注
1 1666
猫巷女王i
猫巷女王i 2020-12-24 04:06

I got an issue related to the HTTP response header \"Access-Control-Allow-Origin\" when using basic authetication with Spring. When I authenticate manually, like the code be

1条回答
  • 失恋的感觉
    失恋的感觉 (楼主)
    2020-12-24 04:28

    Just found my own way:

    First of all, I don't really remember why I put this line here, but it was messing up my code:

    Second, this answer show me the path: Handle unauthorized error message for Basic Authentication in Spring Security. I had to create a custom authentication entry point in order to send the Access-Control-Allow-Origin thing.

    So this is my code now:

    


    
        
        
        
        
    

    
        
        
    

            


    
        
     

    
    

        
        
            

            

        

    

    



    package com.test.util;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

public class PlainTextBasicAuthenticationEntryPoint extends
        BasicAuthenticationEntryPoint {

      @Override
        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
            response.addHeader("Access-Control-Allow-Origin", "null");
            response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            PrintWriter writer = response.getWriter();
            writer.println("HTTP Status " + HttpServletResponse.SC_UNAUTHORIZED + " - " + authException.getMessage());
        }

}

    My http response now:

    HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: null
WWW-Authenticate: Basic realm="test.com"
Content-Length: 35
Date: Mon, 20 May 2013 20:05:03 GMT

HTTP Status 401 - Bad credentials

    before the alteration, I got this error message:

    OPTIONS http://localhost:8080/test/customer/name 200 (OK) jquery-1.8.2.min.js:2
XMLHttpRequest cannot load http://localhost:8080/test/customer/name. Origin null is     not allowed by Access-Control-Allow-Origin.

    and now as expected I get this one:

    OPTIONS http://localhost:8080/test/customer/name 200 (OK) jquery-1.8.2.min.js:2
POST http://localhost:8080/test/customer/name 401 (Unauthorized)

    0 讨论(0)
 看不清?
提交回复
热议问题