views:

281

answers:

1

Hi! I am enabling a simple HTTP Basic Authentication with Spring security in my project. My environment is an Glassfish Server (bundled with Netbeans), and almost everything works perfect: I have set up it to just ask for authentication with the POST method, with hardcoded users with "user-service", and it works with user names with no special characters. The problem comes when I set up an user with "@" or "." Here is the spring-security related part of my servlet.xml:

<security:http>
    <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" />
    <security:http-basic/>
</security:http>


<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider user-service-ref="uservice"/>
</security:authentication-manager>
<security:user-service id="uservice">
    <security:user name="[email protected]" password="pswd1" authorities="ROLE_USER" />
    <security:user name="[email protected]" password="pswd2" authorities="ROLE_USER" />
    <security:user name="pepe" password="pepito" authorities="ROLE_USER" />
</security:user-service>

I have looked also for what did the browser send to the listening port, and it sends right the par "username:password" in base 64, so i think the problem is in my server(Glassfish v3).

Does anyone have any idea?

Thanks in advance!

Raspayu

A: 

Well, I have read in some blogs that Spring-Security HTTP Authentication has that limitation. But it surprises me that I don't find it in any official page. Has anyone seen anything of it? Thanks ;-)

Raspayu

related questions