使用Java客户端实现Spring Security [英] Implementing Spring Security with Java Client
问题描述
客户端
我有一个使用基本POST或GET方法连接到远程服务器的java应用程序:
I have a java application that connects to a remote server using basic POST or GET methods:
URL url = new URL(urlStr);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setAllowUserInteraction(false);
conn.setRequestProperty("Content-type", "text/xml; charset=" + ENCODING);
conn.connect();
conn.getOutputStream().write(data.getBytes(ENCODING));
conn.getOutputStream().close();
(我无法更改此代码,我可以更改的唯一内容是调用方法时,urlStr 和数据发送到服务器。)
(I cannot change this code, the only things I can change is the urlStr and the data sent to the server when calling the method).
< b> :客户端可以是java客户端或任何其他客户端(c ++,objective-c,..)。这里的要点是我只能访问帖子正文中的内容以及URL。
: The client can be a java client or any other client (c++, objective-c, ..). The point here is that I can only access what's in the body of my post as well as the URL.
服务器端
在我的服务器端,我想实现Spring Security(SecurityContext和会话持久性)。
On my server side, I would like to implement Spring Security (SecurityContext and session persistance).
我知道Spring安全性是基于浏览器的cookie,当它是 WebApp 来保存有关<的信息时code>会话ID 。但在我的情况下,没有浏览器。
I understand that spring security is based on the browser's cookies when it's a WebApp to hold the information about the session id. But in my case there's no Browser.
-
我是否需要模拟
JSESSIONID的存储并将其发回服务器?我不确定这是可能的,因为我需要调用conn.addRequestProperty(键,值)这是不可能的。
Do I need to simulate the storage of the
JSESSIONIDand send it back to the server? I'm not sure this is possible since I would need to callconn.addRequestProperty(key, value)which is not possible.
还有其他办法吗?
谢谢。
正如@zagyi所指出的,我可以使用URL将会话令牌传递给Spring,但我仍然可以弄清楚如何。
as pointed out by @zagyi, I can use the URL to pass session token to Spring, but I still can't figure out how.
推荐答案
在网址中传递jsessionid只是在网址末尾附加它的问题像这样:
Passing the jsessionid in the url is just a matter of appending it at the end of the url like this:
http://localhost:8080/example/auth/login;jsessionid=A06F00609BBA8A4C2B005FB25F90C4C9
如果您将浏览器配置为不接受任何cookie,您可以在工作中看到此情况,在这种情况下,服务器会自动包含会话ID在url中(假设默认的tomcat配置)。 此问题中也讨论了此主题。
You can see this in working if you configure a browser not to accept any cookies, in which case the server automatically includes the session id in the url (assuming a default tomcat configuration). This topic is also discussed in this question.
这篇关于使用Java客户端实现Spring Security的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
