Tomcat 身份验证和 Spring Security [英] Tomcat Authentication and Spring Security

问题描述

我下载了 JavaMelody(服务器统计信息)并将其应用到我的 Spring 项目中.使用这个一切正常 - 插入 http://myAplication/monitoring 后，我可以看到 JavaMelody 页面.我决定，这应该受密码保护.所以我按照文档添加了 tomcat-users.xml

I downloaded JavaMelody (server statistics) and applied it to my Spring project. Everything works just fine with this one - after inserting http://myAplication/monitoring I can see JavaMelody page. I decided, that this should be protected by password. So I followed documentation and added in tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
    <role rolename="monitoring" />
    <user username="monitoring" password="monitoring" roles="monitoring" />
</tomcat-users>

然后我在 web.xml

<filter>
    <filter-name>monitoring</filter-name>
    <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>monitoring</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
    <listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>

<!-- JAVA MELODY MONITOR ACCESS -->
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Monitoring</realm-name>
</login-config>
<security-role>
    <role-name>monitoring</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Monitoring</web-resource-name>
        <url-pattern>/monitoring</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>monitoring</role-name>
    </auth-constraint>
</security-constraint>

现在，当我输入 http://myAplication/monitoring 时，我会看到身份验证弹出窗口 - 这很酷.但是当我输入凭据并单击确定时，会显示另一个身份验证弹出窗口.不同的是，这个来自 Spring Security(我没有在我的应用程序中的任何地方看到那个弹出窗口).

Now when I type http://myAplication/monitoring I get authentication popup - that's cool. But when I enter credentials and click ok, another authentication popup shows. Difference is, that this one is from Spring Security (I haven't seen that popup anywhere in my app).

现在，我输入 Spring Security 的凭据(其他凭据)并且 JavaMelody 页面开始显示，但是另一个 monitoring 弹出窗口显示，然后是 spring security，然后再次显示，然后... - 直到所有页面元素都加载完毕.

And now, I enter credentials for Spring Security (other credentials) and JavaMelody page starts to show, but ANOTHER monitoring popup shows, and then spring security, and again, and again... - until all page elements are loaded.

我的 Spring Security 配置

My Spring Security conf

<http auto-config='true' use-expressions="true">
    <intercept-url pattern="/**" access="permitAll" />
    <form-login login-page='/' default-target-url='/login_ok'
        always-use-default-target='true' authentication-failure-url="/login_failed" />
    <logout logout-success-url="/" />
</http>

有没有办法让 Spring Security 和 Tomcat Authentication 一起工作?

Is there a way to make Spring Security and Tomcat Authentication work together?

推荐答案

你必须决定你想要什么:Container Manager Security (web.xml) 或 Spring Security (beans.xml).你不应该同时使用两者.这就是您看到两个基本领域名称的原因.

You have to decide what you want: Container Manager Security (web.xml) or Spring Security (beans.xml). You should not use both. That's why you see two Basic realm names.

这篇关于Tomcat 身份验证和 Spring Security的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！