Spring Security 3.0:基本身份验证提示消失 [英] Spring Security 3.0 : Basic Auth Prompt disappear

问题描述

我在安全性xml中使用具有以下设置的spring基本身份验证:

I am using spring basic authentication with the following settings in my security xml:

<http use-expressions="true" create-session="never" >
        <intercept-url pattern="/**" method="GET" access="isAuthenticated()" />
        <intercept-url pattern="/**" method="POST" access="isAuthenticated()" />
        <intercept-url pattern="/**" method="PUT" access="isAuthenticated()" />
        <intercept-url pattern="/**" method="DELETE" access="isAuthenticated()" />
        <http-basic />
    </http>

如果身份验证失败，浏览器会弹出一个提示窗口，以出租用户名和密码. 有什么办法可以使该提示根本不弹出?

If authentication fails, the browser pop ups a prompt window to renter the user name and password. Is there any way to make that prompt not pop up at all ?

推荐答案

最有可能用于身份验证失败的页面也受到保护.您可以手动尝试将失败页面设置为不受保护的页面，例如

Most probable the page that is used for authentication failure is also protected. You can try manually to set the failure page to one that is not protected like

 <access-denied-handler error-page="/login.jsp"/> 

与

 <intercept-url pattern="/*login*" access="hasRole('ROLE_ANONYMOUS')"/>

或

<intercept-url pattern='/*login*' filters='none'/>  

，或者您可以使用http元素的auto-config='true'属性来为您解决该问题.有关更多信息，请参见

or you can use the auto-config='true' attribute of the http element that will fix that for you.See more here

这篇关于Spring Security 3.0:基本身份验证提示消失的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！