我在我的应用程序中使用Spring Security但是我有几个问题需要正确验证。
如果我在localhost域运行应用程序,则会对用户进行身份验证。 如果我在内部IP地址上运行,则用户未经过身份验证。 登录过程是使用ajax请求。
这是我的spring security config的核心
<http entry-point-ref="loginEntryPoint" disable-url-rewriting="true" use-expressions="true" create-session="always">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/login.do" access="permitAll" />
<intercept-url pattern="/accessDenied.do" access="permitAll" />
<intercept-url pattern="/app/**" access="permitAll" />
<intercept-url pattern="/signup/createuser" access="permitAll" />
<intercept-url pattern="/**" access="authenticated" />
<access-denied-handler error-page="/accessDenied.do" />
<custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter"/>
<logout logout-url="/logout"
logout-success-url="/login/form?logout"/>
</http>
<bean:bean id="loginEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.do" />
</bean:bean>
<beans:bean id="authenticationFilter" class="com.myapp.webapp.filter.CustomUsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="postOnly" value="false"/>
<beans:property name="authenticationSuccessHandler" ref="loginSuccessHandler"/>
<beans:property name="authenticationFailureHandler" ref="loginFailureHandler"/>
</beans:bean>
<beans:bean id="loginSuccessHandler"
class="com.myapp.webapp.security.authentication.LoginSuccessHandler" />
<beans:bean id="loginFailureHandler"
class="com.myapp.webapp.security.authentication.LoginFailureHandler" />
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customUserAuthenticationProvider" />
</authentication-manager>
您在localhost和内部网络IP上运行应用程序有何不同?
答案 0 :(得分:0)