Spring REST API Controller leitet nach Hause, wenn mit Token authentifiziert

Question

Ich habe eine API REST-Controller auf meiner Spring 4-Anwendung, die JSON-Werte zurückgibt aber irgendwie Blick auf die Protokolle, der Dispatcher die Anfrage an '/' umleiten.

2016-04-01 11:30:35 DEBUG RequestResponseBodyMethodProcessor:221 - Written [{"type":"groupmatch"}] as "application/json;charset=UTF-8" using [org.springframework.http.converter.StringHttpMessageConverter@4617ede3] 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:1034 - Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:1000 - Successfully completed request 
    2016-04-01 11:30:35 DEBUG ExceptionTranslationFilter:115 - Chain processed normally 
    2016-04-01 11:30:35 DEBUG SecurityContextPersistenceFilter:97 - SecurityContextHolder now cleared, as request processing completed 
    2016-04-01 11:30:35 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/'; against '/' 
    2016-04-01 11:30:35 DEBUG FilterChainProxy:180 -/has an empty filter list 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:861 - DispatcherServlet with name 'dispatcher' processing GET request for [/] 
    2016-04-01 11:30:35 DEBUG RequestMappingHandlerMapping:319 - Looking up handler method for path/
    2016-04-01 11:30:35 DEBUG RequestMappingHandlerMapping:326 - Returning handler method [public java.lang.String com.thebetcafe.controllers.HomeController.home(org.springframework.web.context.request.WebRequest)] 
    2016-04-01 11:30:35 DEBUG DefaultListableBeanFactory:248 - Returning cached instance of singleton bean 'homeController' 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:947 - Last-Modified value for [/] is: -1 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:1241 - Rendering view [org.springframework.web.servlet.view.JstlView: name 'static/home.html'; URL [static/home.html]] in DispatcherServlet with name 'dispatcher' 
    2016-04-01 11:30:35 DEBUG JstlView:166 - Forwarding to resource [static/home.html] in InternalResourceView 'static/home.html' 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:861 - DispatcherServlet with name 'dispatcher' processing GET request for [/static/home.html] 
    2016-04-01 11:30:35 DEBUG RequestMappingHandlerMapping:319 - Looking up handler method for path /static/home.html 
    2016-04-01 11:30:35 DEBUG RequestMappingHandlerMapping:329 - Did not find handler method for [/static/home.html] 
    2016-04-01 11:30:35 DEBUG SimpleUrlHandlerMapping:191 - Matching patterns for request [/static/home.html] are [/static/**] 
    2016-04-01 11:30:35 DEBUG SimpleUrlHandlerMapping:220 - URI Template variables for request [/static/home.html] are {} 
    2016-04-01 11:30:35 DEBUG SimpleUrlHandlerMapping:141 - Mapping [/static/home.html] to HandlerExecutionChain with handler [ResourceHttpRequestHandler [locations=[ServletContext resource [/static/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@6a23a6d6]]] and 1 interceptor 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:947 - Last-Modified value for [/static/home.html] is: -1 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:1034 - Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:1000 - Successfully completed request 
    2016-04-01 11:30:35 DEBUG DispatcherServlet:1000 - Successfully completed request 

Ich habe eine spezielle Filterung der Benutzer über ein Token im Header, aber ich bin mir nicht sicher zu authentifizieren, wie es durch die generiert werden können. Hier ist der Code:

@RestController 
    @RequestMapping("/api") 
    public class APIController { 
    ... 
     @RequestMapping(value="/groups",method = RequestMethod.GET, produces = "application/json; charset=UTF-8") 
      public @ResponseBody String getAllGroups(){ 
       List<CompetitionGroup> groups = groupService.findAllGroups(); 
       return groupListToJSONObject(groups); 
      } 
    ... 
    } 

Dispatcher-servlet.xml

<!-- SCANNING THE COMPONENT --> 
<context:component-scan base-package="com.myapp"/> 
<context:annotation-config/> 
<context:property-placeholder/> 
<mvc:annotation-driven/> 
<mvc:resources mapping="/static/**" location="/static/"/> 

pom.xml

<!-- Jackson (JSON) --> 
    <dependency> 
     <groupId>org.codehaus.jackson</groupId> 
     <artifactId>jackson-mapper-asl</artifactId> 
     <version>${jackson.version}</version> 
    </dependency> 

Answer 1

ich einen bestimmten Filter für JWT Token-Authentifizierung unter implementiert haben:

public class JWTTokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter { 

    @Autowired 
    private JWTUtil jwtUtil; 

    private static final Logger logger = Logger.getLogger(JWTTokenAuthenticationFilter.class); 

    public JWTTokenAuthenticationFilter(){ 
     this("/api/"); 
    } 

    public JWTTokenAuthenticationFilter(String defaultFilterProcessesUrl) { 
     super(defaultFilterProcessesUrl); 
     setAuthenticationManager(new NoOpAuthenticationManager()); 
     setAuthenticationSuccessHandler(new JWTSuccessAuthenticationHandler()); 
    } 

    public final String HEADER_SECURITY_TOKEN = "Authorization"; 

    @Override 
    protected boolean requiresAuthentication(HttpServletRequest request, HttpServletResponse response) { 
     return true; 
    } 


    /** 
    * Attempt to authenticate request - basically just pass over to another method to authenticate request headers 
    */ 
    @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { 
     String header = request.getHeader(HEADER_SECURITY_TOKEN); 
     if (header == null || !header.startsWith("Bearer ")) { 
      throw new JwtTokenMissingException("No JWT token found in request headers"); 
     } 

     /* Try to parse the token */ 
     AppUser userDetails = jwtUtil.parseToken(header.substring(7)); 
     Collection<SimpleGrantedAuthority> auth = new ArrayList<>(); 
     auth.add(new SimpleGrantedAuthority(userDetails.getRole().name())); 

     JWTAuthenticationToken token = new JWTAuthenticationToken(userDetails.getEmail(), userDetails, auth); 
     token.setAuthenticated(true); 

     return token; 
    } 

    @Override 
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) 
      throws IOException, ServletException { 
     super.successfulAuthentication(request, response, chain, authResult); 

     // As this authentication is in HTTP header, after success we need to continue the request normally 
     // and return the response as if the resource was not secured at all 
     chain.doFilter(request, response); 
    } 

} 

Der Trick ist, dass die AuthenticationSuccessHandler die Anfrage bei der Authentifizierung auf '/' umgeleitet hat.

Also habe ich einen neuen JWTSuccessAuthenticationHandler erstellt, wer nach der Authentifizierung nichts tut.

public class JWTSuccessAuthenticationHandler implements AuthenticationSuccessHandler { 

    @Override 
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) { 
     // We do not need to do anything extra on REST authentication success, because there is no page to redirect to 
    } 

} 

Hoffnung, dass jemand hilft :)