最近我對我的REST服務使用Spring Security基本認證。Spring Security基本認證只發生一次
以下是安全XML配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http pattern="/rest/**" create-session="never" use-expressions="true">
<security:http-basic />
<security:intercept-url pattern="/rest/auth/**" access="isAuthenticated()"/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder hash="sha-256" />
</security:authentication-provider>
</security:authentication-manager>
<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/>
</beans>
Spring框架和Spring安全,我用:
<springframework.version>4.1.0.RELEASE</springframework.version>
<spring.security.version>3.2.5.RELEASE</spring.security.version>
我我的REST服務URL前綴映射 「休息/」 當我首次訪問URL,瀏覽器會提示基本身份驗證的用戶名和密碼字段。我用正確的憑證填寫並且我的控制器成功訪問。
但是,如果我再次嘗試使用瀏覽器訪問相同的URL,它將不會再次提示我再次輸入基本身份驗證的用戶名和密碼字段,並直接訪問該URL。
我期待瀏覽器始終提示我進行基本身份驗證,因爲我將create-session屬性設置爲從不。
所以,我錯過了什麼?
我試過用「從未」和「無狀態」,仍然,隱身窗口只有兩個值提示一次。謝啦。 – 2014-09-24 02:05:09