We can start building the security implementations in the Spring classes in the spring.security.rest.packt.security
package as follows:
RestAuthenticationEntryPoint
will be invoked once the request is missing the authentication. The
Authentication Failed response will be sent if the request doesn't have a valid cookie.
In the following RestAuthenticationSuccessHandler
, we have extended SimpleUrlAuthenticationSuccessHandler
and implemented onAuthenticationSuccess
method. This RestAuthenticationSuccessHandler
will be called once the request is authenticated. If not authorized, the authenticate entry point will be called:
Now, we have to create the basic spring.security.rest.api REST
package in order to build two Java config classes to mention the webSecurityConfig.xml
classpath and spring.security.rest.api.security ComponentScan
classes. The SpringSecurityConfig
class will have the security settings, as shown in the following screenshot:
Also, the WebConfig.java...