security Basic-Authentication认证
spring-security.xml
配置:
<security:http pattern="/**" auto-config="true" use-expressions="true">
<!--<security:form-login />-->
<security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
<security:csrf disabled="true"/>
<security:http-basic entry-point-ref="basicAuthenticationEntryPoint" />
</security:http>
<!-- 认证登陆EndPoint -->
<bean id="basicAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="client"/>
</bean>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user password="111111" name="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
如果拒绝:
只有关闭浏览器再次访问
输入正确的用户名和密码:admin/111111:
可以看到在Request请求头中加入了Authentication
,这个是使用Base64加密之后的,使用Base64解密之后:
@Test
public void base64DecodeTest() throws IOException {
BASE64Decoder decoder = new BASE64Decoder();
byte[] bytes = decoder.decodeBuffer("YWRtaW46MTExMTEx");
System.out.println(new String(bytes, "UTF-8"));
}
//result
admin:111111