Spring Security无状态配置 [英] Spring security stateless configuration

问题描述

我正在通过遵循文档所以在我的spring-security.xml中，我有

So in my spring-security.xml, I have

<!-- Stateless RESTful service using Basic authentication -->  
<http pattern="/restful/**" create-session="stateless">  
  <intercept-url pattern='/**' access='ROLE_REMOTE' />  
  <http-basic />  
</http>

当我使用浏览器进行测试时，要求对第一个请求进行身份验证.但是随后的不是.据我了解，我应该看到用户登录提示.有什么我想念的吗?

When I use browser to test it, the first request is required to be authenticated. But the subsequent is not. From my understanding, I am supposed to see the user login prompt. Is there anything I am missing?

推荐答案

否.如果使用基本身份验证，浏览器会记住您输入的凭据，并自动将它们与后续请求一起发送.

No. In case of basic authentication browser remembers credentials you entered and sends them with subsequent requests automatically.

为了确保您的配置确实是无状态的，您可以尝试使用命令行工具(wget，curl)发出一些请求(带有或不带有身份验证).

In order to make sure that your configuration is really stateless you may try to issue some requests (with and without authentication) using command line tools (wget, curl).

这篇关于Spring Security无状态配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！