I am trying to achieve stateless authentication with Spring by following the document at http://static.springsource.org/spring-security/site/docs/3.1.x/reference/security-filter-chain.html#filter-chains-with-ns
So in my spring-security.xml, I have:

    <!-- Stateless RESTful service using Basic authentication -->
    <http pattern="/restful/**" create-session="stateless">
        <intercept-url pattern='/**' access='ROLE_REMOTE' />
        <http-basic />
    </http>

When I use a browser to test it, the first request is required to be authenticated, but the subsequent ones are not. From my understanding, I am supposed to see the user login prompt. Is there anything I am missing?
No. In the case of basic authentication, the browser remembers the credentials you entered and sends them with subsequent requests automatically.
In order to make sure that your configuration is really stateless, you may try issuing some requests (with and without authentication) using command-line tools (wget, curl).
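
The check suggested in the answer, as an added example that is not part of the original thread: a client that sends exactly the headers it is given (unlike a browser, it caches no credentials) and probes without credentials, with them, and then replays any returned cookie without them. The local handler is a stand-in for the `/restful/**` chain, not Spring itself, and the credentials, port and `/restful/ping` path are constructed for the demo.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed credentials for the stand-in server (not from the original post).
EXPECTED = "Basic " + base64.b64encode(b"remote:s3cret").decode()

class StatelessBasicHandler(BaseHTTPRequestHandler):
    """Stand-in for the /restful/** chain: each request is authenticated on its own."""
    def do_GET(self):
        if self.headers.get("Authorization") == EXPECTED:
            self.send_response(200)
            self.end_headers()  # no Set-Cookie: nothing is kept server-side
            self.wfile.write(b"ok")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="restful"')
            self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

def probe(host, port, path, authorization=None, cookie=None):
    """Send one GET with exactly these headers; return (status, Set-Cookie value)."""
    headers = {k: v for k, v in (("Authorization", authorization), ("Cookie", cookie)) if v}
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Set-Cookie")

def check_stateless(host, port, path, authorization):
    """Probe without credentials, with them, then replay any cookie without them."""
    anonymous, _ = probe(host, port, path)
    authed, cookie = probe(host, port, path, authorization)
    replay, _ = probe(host, port, path, cookie=cookie)
    return {"anonymous": anonymous, "authenticated": authed, "set_cookie": cookie, "replay": replay}

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StatelessBasicHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_stateless("127.0.0.1", server.server_port, "/restful/ping", EXPECTED)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

Pointing `check_stateless` at a real endpoint, a stateless configuration gives 401, 200, no session cookie, then 401 again; a `JSESSIONID` in `set_cookie` or a 200 on the replay means a session was created and is being honoured.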