Spring Security HTTP 基本身份验证
我正在尝试使用 Spring Security 进行非常简单的基本身份验证。我已经正确配置了命名空间,并且服务器中没有异常。在我的“servlet.xml”中,我得到了 Spring Security 的下一个:
<security:http>
<security:http-basic></security:http-basic>
<security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="cucu" password="tas" authorities="ROLE_USER" />
<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
它几乎一切都很完美:不是 POST 的方法不会提示任何登录表单,并且 POST< /code> 方法提示它。问题是,无论是 cucu 还是 bob 都无法登录。谁能看到我做错了什么吗?
提前致谢! ;-)
I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security:
<security:http>
<security:http-basic></security:http-basic>
<security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="cucu" password="tas" authorities="ROLE_USER" />
<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
It nearly all goes perfect: The methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor cucu, neither bob can login there. Can anyone see what am I doing wrong?
Thanks in advance! ;-)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
自动回答
T_T 这两天我在代码上头疼了……
看来不是代码的问题。我使用的是 Weblogic,Weblogic 捕获带有“授权”标头的请求,因此它不会到达我的身份验证管理器。我用 glassfish 尝试过,效果非常好。
搜索一些信息,我在下一篇博客中发现了一个有用的条目:
http://yplakosh.blogspot.com/2009 /05/how-to-fix-basic-authentication-issue.html
在我的 Weblogic 服务器的 config.xml 中添加下一行(
Weblogic 不会再次捕获基本身份验证凭据,因此它将成为您的身份验证管理器谁来处理它。
我希望它可以为任何人节省一些时间:-)
Auto-answer
T_T Two days of hitting my head against the code for this...
Looks like it is not a problem of the code. I was using Weblogic with it and Weblogic captures the requests with the "authorization" header, so it doesn't get to my authentication-manager. I tried it with glassfish, and it works perfectly.
Searching for some info, I found an useful entry in the next blog:
http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html
Adding the next line in the config.xml from my Weblogic server(
<security-configuration>section):<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>Weblogic will not catch the basic authentication credentials again, so it will be your authentication-manager who will handle it.
I hope it can save some time to anyone :-)
尝试:
try: