我使用的Spring Security在我的应用程序,但我有几个问题要正确验证。
I'm using Spring Security in my application but I am having several problems to authenticate correctly.
如果我运行的应用程序在本地主机域的用户进行身份验证。 如果我跑我的内部IP地址,用户没有通过验证。 登录过程是用AJAX请求。
If I run application at localhost domain, the user is authenticated. If I run on my internal IP address, the user is not authenticated. The login process is with ajax requests.
这是我的春天安全配置的核心
This is the core of my spring security config
<http entry-point-ref="loginEntryPoint" disable-url-rewriting="true" use-expressions="true" create-session="always">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/login.do" access="permitAll" />
<intercept-url pattern="/accessDenied.do" access="permitAll" />
<intercept-url pattern="/app/**" access="permitAll" />
<intercept-url pattern="/signup/createuser" access="permitAll" />
<intercept-url pattern="/**" access="authenticated" />
<access-denied-handler error-page="/accessDenied.do" />
<custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter"/>
<logout logout-url="/logout"
logout-success-url="/login/form?logout"/>
</http>
<bean:bean id="loginEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.do" />
</bean:bean>
<beans:bean id="authenticationFilter" class="com.myapp.webapp.filter.CustomUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="postOnly" value="false"/>
<beans:property name="authenticationSuccessHandler" ref="loginSuccessHandler"/>
<beans:property name="authenticationFailureHandler" ref="loginFailureHandler"/>
</beans:bean>
<beans:bean id="loginSuccessHandler"
class="com.myapp.webapp.security.authentication.LoginSuccessHandler" />
<beans:bean id="loginFailureHandler"
class="com.myapp.webapp.security.authentication.LoginFailureHandler" />
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customUserAuthenticationProvider" />
</authentication-manager>
什么是运行在本地主机与内部网络IP应用的区别在哪里?
What are the differences you run the application on localhost and the internal network IP?
可以用一个跨域问题有关?
Could be related with a cross domain issue?
点击这里Error处理跨域的jQuery ajax调用
什么是告诉你你的浏览器控制台(萤火虫)??
what is telling you your browser console(firebug)??