Spring Security，REST基本身份验证问题

Spring Security，REST基本身份验证问题

刚刚找到我自己的方式：

首先，我真的不记得为什么将这一行放在这里，但是这弄乱了我的代码：

<security:http-basic />

其次，此答案向我展示了路径：在Spring Security中处理用于Basic
Authentication的未授权错误消息。为了发送Access-Control-Allow-Origin，我必须创建一个自定义的身份验证入口点。

现在这是我的代码：

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"    xmlns:security="http://www.springframework.org/schema/security"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    xsi:schemaLocation="   http://www.springframework.org/schema/beans   http://www.springframework.org/schema/beans/spring-beans-3.2.xsd   http://www.springframework.org/schema/security   http://www.springframework.org/schema/security/spring-security-3.1.xsd">    <security:http create-session="stateless"        entry-point-ref="authenticationEntryPoint">        <security:intercept-url pattern="/api/admin/**" />        <security:intercept-url pattern="/medico/**" />        <!-- <security:http-basic />  -->        <security:custom-filter ref="basicAuthenticationFilter" after="BASIC_AUTH_FILTER" />    </security:http>    <bean id="basicAuthenticationFilter"        >        <property name="authenticationManager" ref="authenticationManager" />        <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />    </bean> <!--     <bean id="authenticationEntryPoint"         >        <property name="realmName" value="test.com" />    </bean> -->    <bean id="authenticationEntryPoint"         >        <property name="realmName" value="test.com" />    </bean>    <!-- It is responsible for validating the user's credentials -->    <security:authentication-manager alias="authenticationManager">        <!-- It is responsible for providing credential validation to the AuthenticationManager -->        <security:authentication-provider> <security:password-enprer ref="passwordEnprer" /> <security:jdbc-user-service     data-source-ref="mySQLdataSource"     users-by-username-query="select username, password, enabled from usuario where username = ?"     authorities-by-username-query="select username, papel from autoridade where username = ?" />        </security:authentication-provider>    </security:authentication-manager>    <bean     id="passwordEnprer" /></beans>package com.test.util;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;public class PlainTextBasicAuthenticationEntryPoint extends        BasicAuthenticationEntryPoint {      @Override        public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { response.addHeader("Access-Control-Allow-Origin", "null"); response.addHeader("WWW-Authenticate", "Basic realm="" + getRealmName() + """); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); PrintWriter writer = response.getWriter(); writer.println("HTTP Status " + HttpServletResponse.SC_UNAUTHORIZED + " - " + authException.getMessage());        }}

我的http现在回应：

HTTP/1.1 401 UnauthorizedServer: Apache-Coyote/1.1Access-Control-Allow-Origin: nullWWW-Authenticate: Basic realm="test.com"Content-Length: 35Date: Mon, 20 May 2013 20:05:03 GMTHTTP Status 401 - Bad credentials

在更改之前，我收到此错误消息：

OPTIONS http://localhost:8080/test/customer/name 200 (OK) jquery-1.8.2.min.js:2XMLHttpRequest cannot load http://localhost:8080/test/customer/name. Origin null is     not allowed by Access-Control-Allow-Origin.

现在按预期我得到了这个：

OPTIONS http://localhost:8080/test/customer/name 200 (OK) jquery-1.8.2.min.js:2POST http://localhost:8080/test/customer/name 401 (Unauthorized)