
I'd like to use a Spring REST controller to authenticate users with Spring Security, sending the credentials in JSON format.

Rest Controller

/**
 * REST endpoint that checks a login/password pair against the
 * {@code authenticationManager} bean and answers with a one-entry map,
 * {@code status=true} or {@code status=false}.
 */
@RestController
@RequestMapping("/rest/api/login")
public class UserRestController {

    @Autowired
    @Qualifier(value = "authenticationManager")
    private AuthenticationManager authenticationManager;

    /**
     * Authenticates the supplied credentials and, on success, stores the
     * resulting {@link Authentication} in the current security context.
     *
     * <p>{@code @RequestParam} binds request parameters (query string or
     * form-encoded body). The fields of a JSON request body are not request
     * parameters, so a request carrying only JSON is rejected with
     * "Required String parameter 'login' is not present" before this method
     * runs; reading JSON needs a {@code @RequestBody} parameter instead.
     *
     * <p>Credentials sent as query-string parameters tend to end up in access
     * and proxy logs, so they should travel in the request body.
     *
     * <p>NOTE(review): the context is populated by hand here; whether it is
     * saved to the HTTP session and whether the session id is rotated after
     * login depends on filter configuration not shown in this class - confirm.
     *
     * @param username value of the {@code login} request parameter
     * @param password value of the {@code password} request parameter
     * @return a map whose {@code status} entry is {@code "true"} after a
     *         successful authentication and {@code "false"} after a
     *         {@link BadCredentialsException}
     */
    @RequestMapping(method = RequestMethod.POST, headers = {"Accept=application/json"})
    public Map<String, String> login(@RequestParam("login") String username, @RequestParam("password") String password) {
        final Map<String, String> body = new HashMap<String, String>();
        final UsernamePasswordAuthenticationToken credentials =
                new UsernamePasswordAuthenticationToken(username, password);

        String status;
        try {
            final Authentication verified = authenticationManager.authenticate(credentials);
            SecurityContextHolder.getContext().setAuthentication(verified);
            status = "true";
        } catch (BadCredentialsException rejected) {
            // Only bad credentials are mapped to status=false; any other
            // exception thrown by authenticate() propagates to the caller.
            status = "false";
        }

        body.put("status", status);
        return body;
    }
}

spring-security.xml

    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
   <http auto-config="true" use-expressions="true">
       <!-- URL access rules for the web application.
            NOTE(review): none of the patterns below matches /rest/api/login, so no
            access rule from this block applies to the REST login endpoint. Confirm
            that is intended, and how CSRF protection (no csrf element is set here,
            so the version default applies) treats that POST. -->
       <intercept-url pattern="/" access="permitAll" />
       <intercept-url pattern="/welcome" access="isAnonymous()" />
       <intercept-url pattern="/login" access="isAnonymous()" />
       <!-- NOTE(review): isAnonymous() admits only unauthenticated requests; on
            /logout that looks unintended. Confirm against the logout element below. -->
       <intercept-url pattern="/logout" access="isAnonymous()" />
       <intercept-url pattern="/listUsers" access="hasRole('ROLE_ADMIN')" />

       <intercept-url pattern="/userInfo"
           access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
       <intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
       <intercept-url pattern="/other/**" access="isAuthenticated()" />

       <access-denied-handler error-page="/403" />

       <!-- Form login posts the "login" and "password" parameters to
            /j_spring_security_check; this is separate from the REST controller. -->
       <form-login login-page='/' login-processing-url="/j_spring_security_check"
           default-target-url="/" always-use-default-target="false"
           authentication-failure-url="/login?error=true" username-parameter="login"
           password-parameter="password" />

       <!-- Logout invalidates the session and deletes the JSESSIONID cookie. -->
       <logout logout-url="/logout" logout-success-url="/logoutSuccessful"
           delete-cookies="JSESSIONID" invalidate-session="true" />

   </http>

   <!-- Exposed under the alias "authenticationManager", the name the REST
        controller's @Qualifier asks for. -->
   <authentication-manager alias="authenticationManager">
       <!-- authentication from database -->
       <authentication-provider>
           <!-- Both queries bind the login through a ? placeholder rather than string
                concatenation. NOTE(review): no password-encoder is declared, so the
                stored password column is compared using the version default, which in
                older Spring Security releases is plain text. Confirm that passwords
                are stored hashed and declare the encoder explicitly. -->
           <jdbc-user-service data-source-ref="dataSource"
               users-by-username-query="select login, password, enabled from users where login=?"
               authorities-by-username-query="select login, role from users where login=?" />
       </authentication-provider>
   </authentication-manager>
</beans:beans>

Then I try to call http://localhost:8080/app/rest/api/login with JSON parameters

{"login":"a","password":"a"}

but I receive HTTP Status 400 - Required String parameter 'login' is not present.

Can anybody help me? What am I doing wrong, and how can I fix it?

I would like to use this service from an Android mobile application.

  • Possible duplicate of [Spring Security and JSON Authentication](http://stackoverflow.com/questions/19500332/spring-security-and-json-authentication) – xenoterracide Aug 06 '16 at 03:56
  • Not a duplicate, this one asks how to do the standard way, the other one how to customise it. – bohemian Dec 21 '18 at 13:17
  • In case using JSON is not mandatory, you can work around this by sending the credentials as form data. If you use Postman, you can choose form-data and include the fields "username" and "password". – bohemian Dec 21 '18 at 18:52
