Spring Securiy OAuth2 # AuthorizationServer realm

在AuthorizationServerProperties中有一个realm的配置,其文档说明如下

Realm name for client authentication. If an unauthenticated request comes in to the token endpoint, it will respond with a challenge including this name.

当开启basic验证时,如果访问某个受保护的资源,资源服务器会给出如下的响应信息

HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E5A8D3C16B65A0A007CFAACAEEE6916B; Path=/spring-security-basic-auth/; HttpOnly
WWW-Authenticate: Basic realm="Spring Security Application"
Content-Type: text/html;charset=utf-8
Content-Length: 1061
Date: Wed, 29 May 2013 15:14:08 GMT

WWW-Authenticate: Basic realm=”Spring Security Application”,这里的Spring Security Application就是我们在AuthorizationServerProperties中配置的realm的值。

参考
【HTTP】http 401Basic验证和WWW-Authenticate、Authorization
www-authenticate认证过程浅析
使用 Spring Security 实现基本认证

你可能感兴趣的:(Spring,Security)