我會盡力幫助你:
第一:響應設置Cookie爲路徑,在我的情況我的應用程序是localhost:port/CambioClaveDist
,所以當SpringSecurity驗證我的用戶,它創造了一個新的JSESSIONID那條路徑:Set-Cookie:"JSESSIONID=96ABDF25EE278DD69DD1A0400702E416; Path=/CambioClaveDist"
第二個: Spring通過JSESSIONID標識一個已認證的用戶,是的。
第三:我有一個http請求/後例子:
認證後:
POST http://localhost:8080/CambioClaveDist/j_spring_security_check
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:8080/CambioClaveDist/index.htm?logout=true
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
_csrf=fbd07004-cc30-4ef6-9bfb-a00ae8f8819f&username=user&password=pass&sSubmit=Enviar
請求保護的網址:
GET http://localhost:8080/CambioClaveDist/main/index.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://localhost:8080/CambioClaveDist/index.htm?logout=true
Cookie: JSESSIONID=96ABDF25EE278DD69DD1A0400702E416
Connection: keep-alive
http://stackoverflow.com/questions/ 29276806/spring-security-testing-understanding-rest-authentication。在這個問題中,在主要帖子的底部,您可以看到Spring-Security如何響應。 –