views:

639

answers:

2

Hi people!

I am trying to do a really simple basic authentication with Spring Security. I have configured properly the namespace, and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security:

<security:http>
    <security:http-basic></security:http-basic>
    <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
</security:http>


<security:authentication-manager  alias="authenticationManager">
    <security:authentication-provider>
        <security:user-service>
            <security:user name="cucu" password="tas" authorities="ROLE_USER" />
            <security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

It nearly all goes perfect: the methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor "cucu", neither "bob" can login there. Can anyone see what am I doing wrong?

Thanks in advance! ;-)

A: 

try:

<http auto-config="true>
   <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
   <http-basic />
</http>
Gandalf
Thanks for the advice. I Tryed also with the auto-config in true, but I think I am missing something else... but don't know what. I think my code is really simple, there should not be problems with that.
Raspayu
A: 

Auto-answer

T_T Two days of hitting my head against the code for this...

Looks like it is not a problem of the code. I was using Weblogic with it and it looks like Weblogic captures the requests with the "authorization" header, so it doesn't get to my authentication-manager. I tryed it with glassfish, and it works perfect.

Searching for some info, I found an useful entry in the next blog: http://yplakosh.blogspot.com/2009/05/how-to-fix-basic-authentication-issue.html

Adding the next line in the config.xml from my Weblogic server( section):

false

Weblogic will not catch the basic authentication credentials again, so it will be your authentication-manager who will handle it.

I hope it can save some time to anyone :-)

Raspayu

related questions