다음은 RestTemplate으로 스프링 시큐리티 로그인 후 REST API를 호출하는 예제입니다.
private static final String JSESSIONID = "JSESSIONID";
RestTemplate restTemplate = new RestTemplate();
@Test
public void check() {
String loginUrl = "http://localhost:8080/organizeme/j_spring_security_check";
String username = "izeye";
String password = "1234";
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>();
parameters.add("j_username", username);
parameters.add("j_password", password);
ResponseEntity<String> responseEntity = restTemplate.postForEntity(
loginUrl, parameters, String.class);
System.out.println(responseEntity);
HttpHeaders headers = responseEntity.getHeaders();
String cookie = headers.get("Set-Cookie").get(0);
System.out.println(cookie);
String[] cookieEntries = cookie.split(";");
String jSessionId = null;
for (String cookieEntry : cookieEntries) {
cookieEntry = cookieEntry.trim();
if (cookieEntry.startsWith(JSESSIONID)) {
jSessionId = cookieEntry.split("=")[1];
}
}
String url = "http://localhost:8080/organizeme/api/v1/users/check";
HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.add("Cookie", JSESSIONID + "=" + jSessionId);
HttpEntity<String> requestEntity = new HttpEntity<>(null,
requestHeaders);
ResponseEntity<User> responseEntityForUser = restTemplate.exchange(url,
HttpMethod.GET, requestEntity, User.class);
System.out.println(responseEntityForUser);
User user = responseEntityForUser.getBody();
System.out.println(user);
}
상당히 정신이 없는데
RETST에서는 일반적으로 쿠키 (Cookie) 기반 권한 (Authorization) 체크를 사용하지 않는듯 하다.
참고:
http://stackoverflow.com/questions/5796078/setting-security-cookie-using-resttemplate
http://springinpractice.com/2012/04/08/sending-cookies-with-resttemplate/
http://blog.mikepearce.net/2010/08/24/cookies-and-the-restful-api/