刚刚找到我自己的方式:
首先,我真的不记得为什么将这一行放在这里,但是这弄乱了我的代码:
<security:http-basic />
其次,此答案向我展示了路径:在Spring Security中处理用于Basic
Authentication的未授权错误消息。为了发送Access-Control-Allow-Origin,我必须创建一个自定义的身份验证入口点。
现在这是我的代码:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:http create-session="stateless" entry-point-ref="authenticationEntryPoint"> <security:intercept-url pattern="/api/admin/**" /> <security:intercept-url pattern="/medico/**" /> <!-- <security:http-basic /> --> <security:custom-filter ref="basicAuthenticationFilter" after="BASIC_AUTH_FILTER" /> </security:http> <bean id="basicAuthenticationFilter" > <property name="authenticationManager" ref="authenticationManager" /> <property name="authenticationEntryPoint" ref="authenticationEntryPoint" /> </bean> <!-- <bean id="authenticationEntryPoint" > <property name="realmName" value="test.com" /> </bean> --> <bean id="authenticationEntryPoint" > <property name="realmName" value="test.com" /> </bean> <!-- It is responsible for validating the user's credentials --> <security:authentication-manager alias="authenticationManager"> <!-- It is responsible for providing credential validation to the AuthenticationManager --> <security:authentication-provider> <security:password-enprer ref="passwordEnprer" /> <security:jdbc-user-service data-source-ref="mySQLdataSource" users-by-username-query="select username, password, enabled from usuario where username = ?" authorities-by-username-query="select username, papel from autoridade where username = ?" /> </security:authentication-provider> </security:authentication-manager> <bean id="passwordEnprer" /></beans>package com.test.util;import java.io.IOException;import java.io.PrintWriter;import javax.servlet.ServletException;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;public class PlainTextBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { response.addHeader("Access-Control-Allow-Origin", "null"); response.addHeader("WWW-Authenticate", "Basic realm="" + getRealmName() + """); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); PrintWriter writer = response.getWriter(); writer.println("HTTP Status " + HttpServletResponse.SC_UNAUTHORIZED + " - " + authException.getMessage()); }}我的http现在回应:
HTTP/1.1 401 UnauthorizedServer: Apache-Coyote/1.1Access-Control-Allow-Origin: nullWWW-Authenticate: Basic realm="test.com"Content-Length: 35Date: Mon, 20 May 2013 20:05:03 GMTHTTP Status 401 - Bad credentials
在更改之前,我收到此错误消息:
OPTIONS http://localhost:8080/test/customer/name 200 (OK) jquery-1.8.2.min.js:2XMLHttpRequest cannot load http://localhost:8080/test/customer/name. Origin null is not allowed by Access-Control-Allow-Origin.
现在按预期我得到了这个:
OPTIONS http://localhost:8080/test/customer/name 200 (OK) jquery-1.8.2.min.js:2POST http://localhost:8080/test/customer/name 401 (Unauthorized)
