Spring Security HTTP基本认证 [英] Spring Security HTTP Basic Authentication
问题描述
我正在尝试使用Spring Security做一个非常简单的基本身份验证.我已经正确配置了名称空间,并且服务器中没有异常.在我的"servlet.xml"中,有关于Spring Security的下一篇文章:
I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security:
<security:http>
<security:http-basic></security:http-basic>
<security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="cucu" password="tas" authorities="ROLE_USER" />
<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
几乎一切都非常完美:不是POST的方法不会提示任何登录表单,而POST方法会提示它.问题在于,bob或cucu都无法在此处登录.有人可以看到我在做什么错吗?
It nearly all goes perfect: The methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor cucu, neither bob can login there. Can anyone see what am I doing wrong?
提前谢谢! ;-)
推荐答案
自动应答
T_T两天来,我的代码对此表示反对...
T_T Two days of hitting my head against the code for this...
看起来这不是代码的问题.我将Weblogic与它一起使用,并且Weblogic捕获带有"authorization"标头的请求,因此它不会到达我的身份验证管理器.我用玻璃鱼试了一下,效果很好.
Looks like it is not a problem of the code. I was using Weblogic with it and Weblogic captures the requests with the "authorization" header, so it doesn't get to my authentication-manager. I tried it with glassfish, and it works perfectly.
通过搜索一些信息,我在下一个博客中找到了一个有用的条目: http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html
Searching for some info, I found an useful entry in the next blog: http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html
从我的Weblogic服务器(<security-configuration>部分)在config.xml中添加下一行:
Adding the next line in the config.xml from my Weblogic server(<security-configuration> section):
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
Weblogic将不再捕获基本的身份验证凭据,因此将由您的身份验证管理员来处理.
Weblogic will not catch the basic authentication credentials again, so it will be your authentication-manager who will handle it.
我希望它可以节省一些时间:-)
I hope it can save some time to anyone :-)
这篇关于Spring Security HTTP基本认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
