Spring Security 之Http Basic认证

时间:2022-10-06 16:21:15

  使用Spring Security进行http Basic认证非常简单,直接配置即可使用,如下:

<security:http>
        <security:http-basic></security:http-basic>        
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
    </security:http>


    <!--使用AuthenticationManager 进行认证相关配置-->
    <!--authentication-manager元素指定了一个AuthenticationManager,其需要一个AuthenticationProvider(对应authentication-provider元素)来进行真正的认证-->
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="user" password="user" authorities="ROLE_USER"/>
                <security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>