Spring Security HTTP基本认证 [英] Spring Security HTTP Basic Authentication
问题描述
我正在尝试使用Spring Security做一个非常简单的基本身份验证.我已经正确配置了名称空间,并且服务器中没有异常.在我的"servlet.xml"中,有关于Spring Security的下一篇文章:
I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security:
<security:http>
<security:http-basic></security:http-basic>
<security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="cucu" password="tas" authorities="ROLE_USER" />
<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
几乎一切都非常完美:不是POST
的方法不会提示任何登录表单,而POST
方法会提示它.问题在于,bob
或cucu
都无法在此处登录.有人可以看到我在做什么错吗?
It nearly all goes perfect: The methods that are not POST
doesn't prompt any login form, and the POST
method prompt it. The problem is, that nor cucu
, neither bob
can login there. Can anyone see what am I doing wrong?
提前谢谢! ;-)
推荐答案
自动应答
T_T两天来,我的代码对此表示反对...
T_T Two days of hitting my head against the code for this...
看起来这不是代码的问题.我将Weblogic与它一起使用,并且Weblogic捕获带有"authorization"标头的请求,因此它不会到达我的身份验证管理器.我用玻璃鱼试了一下,效果很好.
Looks like it is not a problem of the code. I was using Weblogic with it and Weblogic captures the requests with the "authorization" header, so it doesn't get to my authentication-manager. I tried it with glassfish, and it works perfectly.
通过搜索一些信息,我在下一个博客中找到了一个有用的条目: http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html
Searching for some info, I found an useful entry in the next blog: http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html
从我的Weblogic服务器(<security-configuration>
部分)在config.xml中添加下一行:
Adding the next line in the config.xml from my Weblogic server(<security-configuration>
section):
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
Weblogic将不再捕获基本的身份验证凭据,因此将由您的身份验证管理员来处理.
Weblogic will not catch the basic authentication credentials again, so it will be your authentication-manager who will handle it.
我希望它可以节省一些时间:-)
I hope it can save some time to anyone :-)
这篇关于Spring Security HTTP基本认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!