Spiring Security 401 - Invoking restful services w/ Angularjs

https://stackoverflow.com/questions/21933854

14-10-2022
|

Question

I have a problem with spring security. I've done authenticate process w/ my user but I've an error 401 when I'm invoking restful services by angularjs.

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:context="http://www.springframework.org/schema/context" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans   
                        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd      
                        http://www.springframework.org/schema/security    
                        http://www.springframework.org/schema/security/spring-security-3.1.xsd        
                        http://www.springframework.org/schema/context         
                        http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <context:component-scan base-package="it.xxx.yyy.service.security" scoped-proxy="interfaces" />

    <http realm="Protected API"
            use-expressions="true"
            auto-config="false"
            create-session="stateless"
            entry-point-ref="unauthorizedEntryPoint"
            authentication-manager-ref="authenticationManager">
        <custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />    
        <intercept-url pattern="/" access="permitAll"/>
        <intercept-url pattern="/static/**" access="permitAll"/>
        <intercept-url pattern="/rest/" access="permitAll"/>
        <intercept-url pattern="/rest/secure/**" access="isAuthenticated()" />
        <intercept-url pattern="/secure/**" access="isAuthenticated()"/>
        <remember-me key="YYY2RMKey" user-service-ref="CustomUserDetailsService"/> 
    </http>
    <authentication-manager id="authenticationManager">
        <authentication-provider user-service-ref="CustomUserDetailsService">
            <password-encoder hash="sha"/>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

Any ideas?

Solution

Maybe a solution is to explicate the method in this way

<intercept-url method="GET" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="PUT" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="POST" pattern="/rest/secure/**" access="isAuthenticated()" />
<intercept-url method="DELETE" pattern="/rest/secure/**" access="isAuthenticated()" />

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow