使用RestTemplate的Spring Security身份验证

使用RestTemplate的Spring Security身份验证

这是一个与Spring 3.1和Apache HttpComponents 4.1配合使用的很好的解决方案，我是根据该站点上的各种答案创建的，并阅读了Spring RestTempalte源代码。我希望能够节省其他人的时间，我认为spring应该只内置一些像这样的代码，但事实并非如此。

RestClient client = new RestClient();client.setApplicationPath("someApp");String url = client.login("theuser", "123456");UserPortfolio portfolio = client.template().getForObject(client.apiUrl("portfolio"),    UserPortfolio.class);

下面是Factory类，该类将HttpComponents上下文设置为与使用RestTemplate的每个请求相同。

public class StatefullHttpComponentsClientHttpRequestFactory extends         HttpComponentsClientHttpRequestFactory{    private final HttpContext httpContext;    public StatefullHttpComponentsClientHttpRequestFactory(HttpClient httpClient, HttpContext httpContext)    {        super(httpClient);        this.httpContext = httpContext;    }    @Override    protected HttpContext createHttpContext(HttpMethod httpMethod, URI uri)    {        return this.httpContext;    }}

以下是Statefull Rest模板，你可以使用它来记住cookie，一旦登录，它就会记住JSESSIONID并在后续请求中发送。

public class StatefullRestTemplate extends RestTemplate{    private final HttpClient httpClient;    private final cookieStore cookieStore;    private final HttpContext httpContext;    private final StatefullHttpComponentsClientHttpRequestFactory statefullHttpComponentsClientHttpRequestFactory;    public StatefullRestTemplate()    {        super();        httpClient = new DefaultHttpClient();        cookieStore = new BasiccookieStore();        httpContext = new BasicHttpContext();        httpContext.setAttribute(ClientContext.cookie_STORE, getcookieStore());        statefullHttpComponentsClientHttpRequestFactory = new StatefullHttpComponentsClientHttpRequestFactory(httpClient, httpContext);        super.setRequestFactory(statefullHttpComponentsClientHttpRequestFactory);    }    public HttpClient getHttpClient()    {        return httpClient;    }    public cookieStore getcookieStore()    {        return cookieStore;    }    public HttpContext getHttpContext()    {        return httpContext;    }    public StatefullHttpComponentsClientHttpRequestFactory getStatefulHttpClientRequestFactory()    {        return statefullHttpComponentsClientHttpRequestFactory;    }}

这是一个代表其他客户端的类，因此你可以调用受spring安全保护的应用程序。

public class RestClient{    private String host = "localhost";    private String port = "8080";    private String applicationPath;    private String apiPath = "api";    private String loginPath = "j_spring_security_check";    private String logoutPath = "logout";    private final String usernameInputFieldName = "j_username";    private final String passwordInputFieldName = "j_password";    private final StatefullRestTemplate template = new StatefullRestTemplate();        public String login(String username, String password)    {        MultiValueMap<String, String> form = new linkedMultiValueMap<>();        form.add(usernameInputFieldName, username);        form.add(passwordInputFieldName, password);        URI location = this.template.postForLocation(loginUrl(), form);        return location.toString();    }        public ResponseEntity<String> logout()    {        return this.template.getForEntity(logoutUrl(), String.class);    }    public String applicationUrl(String relativePath)    {        return applicationUrl() + "/" + checkNotNull(relativePath);    }    public String apiUrl(String relativePath)    {        return applicationUrl(apiPath + "/" + checkNotNull(relativePath));    }    public StatefullRestTemplate template()    {        return template;    }    public String serverUrl()    {        return "http://" + host + ":" + port;    }    public String applicationUrl()    {        return serverUrl() + "/" + nullToEmpty(applicationPath);    }    public String loginUrl()    {        return applicationUrl(loginPath);    }    public String logoutUrl()    {        return applicationUrl(logoutPath);    }    public String apiUrl()    {        return applicationUrl(apiPath);    }    public void setLogoutPath(String logoutPath)    {        this.logoutPath = logoutPath;    }    public String getHost()    {        return host;    }    public void setHost(String host)    {        this.host = host;    }    public String getPort()    {        return port;    }    public void setPort(String port)    {        this.port = port;    }    public String getApplicationPath()    {        return applicationPath;    }    public void setApplicationPath(String contextPath)    {        this.applicationPath = contextPath;    }    public String getApiPath()    {        return apiPath;    }    public void setApiPath(String apiPath)    {        this.apiPath = apiPath;    }    public String getLoginPath()    {        return loginPath;    }    public void setLoginPath(String loginPath)    {        this.loginPath = loginPath;    }    public String getLogoutPath()    {        return logoutPath;    }    @Override    public String toString()    {        StringBuilder builder = new StringBuilder();        builder.append("RestClient [n serverUrl()=");        builder.append(serverUrl());        builder.append(", n applicationUrl()=");        builder.append(applicationUrl());        builder.append(", n loginUrl()=");        builder.append(loginUrl());        builder.append(", n logoutUrl()=");        builder.append(logoutUrl());        builder.append(", n apiUrl()=");        builder.append(apiUrl());        builder.append("n]");        return builder.toString();    }}