robert trudel

Reputation: 5749

Unauthorized access with spring security

I am trying to add security to a REST application.

I followed this tutorial: http://www.codesandnotes.be/2014/10/31/restful-authentication-using-spring-security-on-spring-boot-and-jquery-as-a-web-client/

I configured my class that extends WebSecurityConfigurerAdapter.

http.authorizeRequests().antMatchers("/rest/**").authenticated();
http.csrf().disable();
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.formLogin().successHandler(authenticationSuccessHandler);
http.formLogin().failureHandler(authenticationFailureHandler);

I have a login.html and an index.html that loads (via jQuery) some other HTML files into index.html.

I try to access a service with curl:

curl -i -X POST -d username=test -d password=test http://localhost:8080/rest/cities

I get a

HTTP/1.1 401 Unauthorized

All URLs with rest are secured, but I provide a username and password, so it should work.

When I debug, I see that my class that implements UserDetailsService, which has the method loadUserByUsername, is never called.

Something is not making the link correctly.

Upvotes: 0

Views: 1318

Answers (1)

Aritz

Reputation: 31651

You need to be logged in to access restricted resources. Spring Security provides a default entry point for performing your authentication. That's what this part of your given link does:

jQuery(document).ready(function ($) {
    $('#loginform').submit(function (event) {
        event.preventDefault();
        var data = 'username=' + $('#username').val() + '&password=' + $('#password').val();
        $.ajax({
            data: data,
            timeout: 1000,
            type: 'POST',
            url: '/login'

        }).done(function(data, textStatus, jqXHR) {
            var preLoginInfo = JSON.parse($.cookie('dashboard.pre.login.request'));
            window.location = preLoginInfo.url;

        }).fail(function(jqXHR, textStatus, errorThrown) {
            alert('Booh! Wrong credentials, try again!');
        });
    });
});

So you need to POST to the /login URL with your username and password parameters. That's how it's done with curl:

curl -i -X POST -d username=user -d password=userPass -c /opt/cookies.txt http://localhost:8080/rest/login

What this does is log in with your credentials and store the given cookie in the cookies.txt file. Then you just need to attach that cookie to every single request performed to gain permission on your server:

curl -i --header "Accept:application/json" -X GET -b /opt/cookies.txt http://localhost:8080/rest/cities


Upvotes: 1
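
The exchange described in this answer, as an added Python example that is not part of the original post and is not Spring Security code: a small stand-in server shows why credentials posted straight to /rest/cities get a 401, while a login POST followed by a request carrying the session cookie succeeds. The /login path (taken from the jQuery snippet), the test/test account and all function names are assumptions of this example.

```python
import http.client, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

USERS = {"test": "test"}  # constructed sample account
SESSIONS = set()          # session ids issued by a successful login

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # no per-request logging
    def reply(self, status, sid=None):
        self.send_response(status)
        if sid:
            self.send_header("Set-Cookie", f"JSESSIONID={sid}; Path=/; HttpOnly")
        self.send_header("Content-Length", "0")
        self.end_headers()
    def has_session(self):
        name, _, value = self.headers.get("Cookie", "").partition("=")
        return name == "JSESSIONID" and value in SESSIONS
    def do_GET(self):
        self.reply(200 if self.has_session() else 401)
    def do_POST(self):
        form = parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        if self.path != "/login":  # form fields here are never read as credentials
            return self.reply(200 if self.has_session() else 401)
        user, pwd = form.get("username", [""])[0], form.get("password", [""])[0]
        if user in USERS and secrets.compare_digest(USERS[user].encode(), pwd.encode()):
            sid = secrets.token_hex(16)
            SESSIONS.add(sid)
            return self.reply(200, sid)
        self.reply(401)

def call(server, method, path, body=None, cookie=None):
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    conn.request(method, path, body=body, headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, (resp.getheader("Set-Cookie") or "").split(";")[0]

def run_exchange():
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    creds = "username=test&password=test"
    direct, _ = call(server, "POST", "/rest/cities", creds)   # the question's request
    login, cookie = call(server, "POST", "/login", creds)     # login POST, cookie kept
    with_cookie, _ = call(server, "GET", "/rest/cities", cookie=cookie)  # cookie replayed
    server.shutdown()
    return direct, login, with_cookie

if __name__ == "__main__": print(run_exchange())
```

The stored cookie is the whole credential for the session, so the cookie jar file written by `curl -c` deserves the same protection as a password.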
