Spring安全登录与休息Web服务 [英] spring security login with rest web service

问题描述

我的公司有一个特定的身份验证提供程序，它是一个内部REST Web服务。
实际上，您为Web服务提供了一个登录名/密码，它返回一个令牌（有效期为几个小时），必须在每个下一个Web服务请求的标题中给出。

My company has a specific authentication provider which is an internal REST web service. In fact, you provide a login/password to the web service and it returns a token (which has a validity of a few hours) which must be given in the header for each next business request to the web service.

我需要创建一个Web应用程序，我需要将其插入此身份验证提供程序。
将它与Spring Security集成的最佳方法是什么？

I need to create a web application and I need to plug it into this authentication provider. What is the best way to integrate it with Spring Security?

如何在不要求用户重新登录的情况下管理我的webapp中的令牌过期？

How can I manage the token expiration in my webapp without asking the user to re-login?

推荐答案

如果要使用Spring安全性并将身份验证委托给Web服务，则需要实现spring提供的AuthenticationProvider接口安全框架。你可以做这样的事情

If you want to use spring security with authentication being delegated to a web service, You need to implement AuthenticationProvider interface provided by springs security framework. You can do some thing like this

 public class AuthProviderImpl implements AuthenticationProvider 
 {
      @Override
   public Authentication authenticate(Authentication authentication)
     throws AuthenticationException 
        {
          WebServiceAuthClient client = //get an handle to your web service
          //get user name, password from authenticate object
          client.autheticat(username, pwd);
        }

 }

将您的网络应用配置为使用弹簧安全 http://static.springsource.org/spring-security/site/ petclinic-tutorial.html

Configure your web app to use spring security http://static.springsource.org/spring-security/site/petclinic-tutorial.html

这篇关于Spring安全登录与休息Web服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！