Spring Security HTTP 基本认证 [英] Spring Security HTTP Basic Authentication

问题描述

我正在尝试使用 Spring Security 进行非常简单的基本身份验证.我已经正确配置了命名空间，服务器中没有异常.在我的servlet.xml"中，我得到了 Spring Security 的下一个:

I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security:

<security:http>
    <security:http-basic></security:http-basic>
    <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>


<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider>
        <security:user-service>
            <security:user name="cucu" password="tas" authorities="ROLE_USER" />
            <security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

几乎一切都很完美:不是 POST 的方法不会提示任何登录表单，而 POST 方法会提示它.问题是，无论 cucu 还是 bob 都不能登录那里.谁能看出我做错了什么?

It nearly all goes perfect: The methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor cucu, neither bob can login there. Can anyone see what am I doing wrong?

提前致谢！;-)

推荐答案

自动回答

T_T 用了两天的时间对此代码感到头疼...

T_T Two days of hitting my head against the code for this...

看起来不是代码的问题.我正在使用 Weblogic 并且 Weblogic 使用授权"标头捕获请求，因此它不会到达我的身份验证管理器.我用 glassfish 试了一下，效果很好.

Looks like it is not a problem of the code. I was using Weblogic with it and Weblogic captures the requests with the "authorization" header, so it doesn't get to my authentication-manager. I tried it with glassfish, and it works perfectly.

搜索了一些信息，我在下一篇博客中找到了一个有用的条目:http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html

Searching for some info, I found an useful entry in the next blog: http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html

在来自我的 Weblogic 服务器的 config.xml 中添加下一行( 部分):

Adding the next line in the config.xml from my Weblogic server(<security-configuration> section):

false</enforce-valid-basic-auth-credentials>

Weblogic 不会再次捕获基本身份验证凭据，因此将由您的身份验证经理来处理.

Weblogic will not catch the basic authentication credentials again, so it will be your authentication-manager who will handle it.

我希望它可以为任何人节省一些时间:-)

I hope it can save some time to anyone :-)

这篇关于Spring Security HTTP 基本认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！