使用Spring Security进行http Basic认证非常简单,直接配置即可使用,如下:
<security:http> <security:http-basic></security:http-basic> <security:intercept-url pattern="/**" access="ROLE_USER"/> </security:http> <!--使用AuthenticationManager 进行认证相关配置--> <!--authentication-manager元素指定了一个AuthenticationManager,其需要一个AuthenticationProvider(对应authentication-provider元素)来进行真正的认证--> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="user" password="user" authorities="ROLE_USER"/> <security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/> </security:user-service> </security:authentication-provider> </security:authentication-manager>