Spring安全登录与休息Web服务 [英] spring security login with rest web service
问题描述
我的公司有一个特定的身份验证提供程序,它是一个内部REST Web服务。
实际上,您为Web服务提供了一个登录名/密码,它返回一个令牌(有效期为几个小时),必须在每个下一个Web服务请求的标题中给出。
My company has a specific authentication provider which is an internal REST web service. In fact, you provide a login/password to the web service and it returns a token (which has a validity of a few hours) which must be given in the header for each next business request to the web service.
我需要创建一个Web应用程序,我需要将其插入此身份验证提供程序。
将它与Spring Security集成的最佳方法是什么?
I need to create a web application and I need to plug it into this authentication provider. What is the best way to integrate it with Spring Security?
如何在不要求用户重新登录的情况下管理我的webapp中的令牌过期?
How can I manage the token expiration in my webapp without asking the user to re-login?
推荐答案
如果要使用Spring安全性并将身份验证委托给Web服务,则需要实现spring提供的AuthenticationProvider接口安全框架。你可以做这样的事情
If you want to use spring security with authentication being delegated to a web service, You need to implement AuthenticationProvider interface provided by springs security framework. You can do some thing like this
public class AuthProviderImpl implements AuthenticationProvider
{
@Override
public Authentication authenticate(Authentication authentication)
throws AuthenticationException
{
WebServiceAuthClient client = //get an handle to your web service
//get user name, password from authenticate object
client.autheticat(username, pwd);
}
}
将您的网络应用配置为使用弹簧安全 http://static.springsource.org/spring-security/site/ petclinic-tutorial.html
Configure your web app to use spring security http://static.springsource.org/spring-security/site/petclinic-tutorial.html
这篇关于Spring安全登录与休息Web服务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!