Java Spring Security HTTP 基本身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2691160/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Spring Security HTTP Basic Authentication
提问by raspayu
I am trying to do a really simple basic authentication with Spring Security. I have configured the namespace properly and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security:
我正在尝试使用 Spring Security 进行非常简单的基本身份验证。我已经正确配置了命名空间,服务器中没有异常。在我的“servlet.xml”中,我得到了 Spring Security 的下一个:
<security:http>
<security:http-basic></security:http-basic>
<security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="cucu" password="tas" authorities="ROLE_USER" />
<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
It nearly all goes perfect: The methods that are not POSTdoesn't prompt any login form, and the POSTmethod prompt it. The problem is, that nor cucu, neither bobcan login there. Can anyone see what am I doing wrong?
几乎一切都很完美:不是的方法POST不提示任何登录表单,而POST方法提示它。问题是,那也不是cucu,既不bob可以登录那里。谁能看到我做错了什么?
Thanks in advance! ;-)
提前致谢!;-)
采纳答案by raspayu
Auto-answer
自动应答
T_T Two days of hitting my head against the code for this...
T_T 这两天的代码让我头疼...
Looks like it is not a problem of the code. I was using Weblogic with it and Weblogic captures the requests with the "authorization" header, so it doesn't get to my authentication-manager. I tried it with glassfish, and it works perfectly.
看起来不是代码的问题。我正在使用 Weblogic 并且 Weblogic 使用“授权”标头捕获请求,因此它不会到达我的身份验证管理器。我用 glassfish 试了一下,效果很好。
Searching for some info, I found an useful entry in the next blog: http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html
搜索一些信息,我在下一个博客中找到了一个有用的条目:http: //yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html
Adding the next line in the config.xml from my Weblogic server(<security-configuration>section):
在我的 Weblogic 服务器(<security-configuration>部分)的 config.xml 中添加下一行:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
Weblogic will not catch the basic authentication credentials again, so it will be your authentication-manager who will handle it.
Weblogic 将不会再次捕获基本身份验证凭据,因此将由您的身份验证经理来处理它。
I hope it can save some time to anyone :-)
我希望它可以为任何人节省一些时间:-)
回答by Gandalf
try:
尝试:
<http auto-config="true>
<security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
<http-basic />
</http>
