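Java: how to set the Authorization header for REST API basic authentication
I am currently working with a REST API in Java. My REST API is in a separate Maven project, and the web application is in another separate Maven project. I have handled basic authentication in the REST API. I want to set the authorization in the response header, and I also need to get the authorization from the HttpRequest on every request (is this best practice?)
Once I log in to the application, the login username and password are forwarded to the API, and if the login credentials are valid, the Authorization header needs to be set in the response. Every time, I want to check whether the credentials in the header are valid.
My questions are:
- How do I set the Authorization header, and where do I set it?
- Should I set the header in every response, or only once?
My web.xml (RestAPI)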
```xml
<http realm="MY APP REALM">
    <csrf disabled="true" />
    <intercept-url pattern="/rest/**"
        access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
    <http-basic entry-point-ref="basicAuthenticationEntryPoint" />
</http>

<beans:bean name="bcryptEncoder"
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<beans:bean name="ser"
    class="com.test.api.config.SampleUserDetailsService" />
<beans:bean name="userService" class="com.test.api.service.impl.UserServiceImpl" />
<beans:bean name="basicAuthenticationEntryPoint"
    class="com.test.api.config.MyAppBasicAuthenticationEntryPoint" />

<authentication-manager>
    <authentication-provider user-service-ref="ser">
        <password-encoder ref="bcryptEncoder" />
    </authentication-provider>
</authentication-manager>
```
REST API controller
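```java
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

// Users and IUserService are the project's own classes.
@RestController
@RequestMapping("/rest")
public class RestServiceController {

    @Autowired
    IUserService userService;

    // GET /rest/user: protected by the /rest/** intercept-url rule.
    @RequestMapping(value = "/user", method = RequestMethod.GET)
    public ResponseEntity<List<Users>> listAllUsers() {
        List<Users> users = userService.findAllUsers();
        if (users.isEmpty()) {
            // You may decide to return HttpStatus.NOT_FOUND instead
            return new ResponseEntity<List<Users>>(HttpStatus.NO_CONTENT);
        }
        return new ResponseEntity<List<Users>>(users, HttpStatus.OK);
    }
}
```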
Help me solve this problem
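
Added example, not part of the original question or the asker's project: in HTTP Basic authentication, `Authorization` is a request header that the client (here the web application) sends on every call, and the API answers 401 with `WWW-Authenticate` when it is missing or wrong. The sketch uses only the JDK (Java 11+) to show the header being built, attached to a request for `/rest/user`, and decoded again. The class name, host, port and sample credentials are assumptions, and because Base64 is an encoding rather than encryption the header needs TLS in transit.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeaderExample {

    // Client side: value of the Authorization *request* header.
    static String encode(String username, String password) {
        byte[] pair = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // Server side (what the http-basic filter does for you): returns
    // {username, password}, or null when the header is missing or malformed.
    static String[] decode(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        String pair;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            pair = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // payload is not valid Base64
        }
        int colon = pair.indexOf(':'); // split on the first colon only
        if (colon < 0) {
            return null;
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials; host and port are assumptions.
        String header = encode("alice", "s3cret:pw");
        HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create("https://localhost:8443/rest/user"))
                .header("Authorization", header) // repeat on every request
                .GET()
                .build();
        System.out.println(request.headers().firstValue("Authorization").orElse("none"));
        String[] creds = decode(header);
        System.out.println(creds[0] + " / " + creds[1]);
        System.out.println(decode("Bearer abc") == null);
    }
}
```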
# Answer 1