如何发送"全面验证"要求到Spring后台使用Ajax? [英] how to send a "fully authenticated" request to Spring backend with ajax?
本文介绍了如何发送"全面验证"要求到Spring后台使用Ajax?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个需要HTTP基本身份验证的Spring的web服务,我想通过JavaScript访问它。
I have a Spring web service that requires HTTP Basic authentication and I'm trying to access it via Javascript.
我的春季安全配置具有以下定义:
My Spring security configuration has the following definitions:
<security:http create-session="stateless">
<security:http-basic />
<security:intercept-url pattern="/item/**"
access="ROLE_ADMIN,ROLE_USER" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="Aladdin" password="open sesame"
authorities="ROLE_USER, ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
和我的JavaScript客户端进行相应设置身份验证头。不过,我总是会得到401的回应:
And my Javascript client is setting the Authentication header accordingly. However I will always get 401 for a response:
Request URL:http://localhost:8080/item
Request Method:GET
Status Code:401 Full authentication is required to access this resource
Request
Accept:application/json, text/javascript, */*; q=0.01
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Cache-Control:no-cache
Connection:keep-alive
Cookie:JSESSIONID=x8foxdzzuc8g1cqnhxj34u4tv
Host:localhost:8080
Pragma:no-cache
Referer:http://localhost:8080/index.html
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5
X-Requested-With:XMLHttpRequest
Response:
Cache-Control:must-revalidate,no-cache,no-store
Content-Length:1461
Content-Type:text/html;charset=ISO-8859-1
Server:Jetty(8.1.3.v20120416)
WWW-Authenticate:Basic realm="Spring Security Application"
有什么从我的要求缺少什么?我用维基百科的例子用户名/密码,以确保编码是不是搞砸了 - 它与这里的例子匹配
推荐答案
这个问题比我想象的更简单 - 授权头应该说基本而不是基本。只是改变了固定了整个事情。
The problem was simpler than I thought - the Authorization header should say "Basic" not "BASIC". Just changing that fixed the entire thing.
这篇关于如何发送&QUOT;全面验证&QUOT;要求到Spring后台使用Ajax?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文