将 Tomcat 基本身份验证与新的 WebApplicationInitializer 结合使用 [英] Using Tomcat Basic Auth with new WebApplicationInitializer

问题描述

好的，所以我以前在经典的 web.xml 中使用过这种技术，但现在我使用 WebApplicationInitializer 使其无法正常工作.

OK so I've previously used this technique with classic web.xml, but am having trouble getting it to work now that I'm using the WebApplicationInitializer.

我的 WebApplicationInitializer 包含以下代码:

My WebApplicationInitializer includes this code:

HttpConstraintElement constraint = new HttpConstraintElement(
        TransportGuarantee.NONE,
        new String[]{"sponsorUsers"});
ServletSecurityElement servletSecurity =
        new ServletSecurityElement(constraint);
dispatcher.setServletSecurity(servletSecurity);

我正在尝试为 servlet 内的任何资源请求的任何 http 方法要求基本身份验证(用户名+密码).我得到的只是一个 403 - 没有提示输入用户名.我怀疑我需要将 auth-method 设置为 BASIC，就像我在 xml 中所做的那样:

I'm trying to require basic auth (username+password) for any http methods for any resource request within the servlet. All I get back is a 403 - no prompt for the username. My suspicion is that I need to set the auth-method to BASIC, as I would in xml:

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>User Auth</realm-name>
</login-config>

但是在 Java 类中看不到等效项.有什么帮助吗?谢谢！

But don't see the equivalent in the Java classes. Any help? Thanks!

推荐答案

WebApplicationInitializer 基本上是 Servlet 3.0 ServletContainerInitializer 的 Spring 扩展.

A WebApplicationInitializer is basically the Spring extension of Servlet 3.0 ServletContainerInitializer.

有些事情你不能用 ServletContainerInitializer 或 ServletContext 更具体地说，其中之一是配置一些安全组件，例如 登录配置.

There are a few things you cannot do with ServletContainerInitializer, or ServletContext to be more specific, and one of them is to configure some security components, ex login-config.

相反，您可以使用 metadata-complete 属性设置为 false.例如，

Instead you can have both a ServletContainerInitializer and a web.xml using the attribute metadata-complete set to false. For example,

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    metadata-complete="false" version="3.0">

然后在其中添加 元素.

In which you then add your <login-config> element.

这篇关于将 Tomcat 基本身份验证与新的 WebApplicationInitializer 结合使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！