basic-authentication

问题 Will it shut down & lock up after repeated false password tries, and/or will it add lags in-between retries? Or does this depend on which modules you or your provider install? Thanks! 回答1: default Apache installation does not do that. usually this is better done by your web application (eg, PHP/JSP) for account attack. for network attack, better not for web servers because it's hard to identify the source due to so many anonymous / transparent proxy / VPN / NAT stuff. once you've implement

问题 I have a single URL accessible through a servlet that I have locked down using Spring Security's DaoAuthenticationProvider. I now have the requirement that certain incoming IP addresses must be whitelisted and so are not requested to authenticate. I can hack around this easily enough by overriding DaoAuthenticationProvider's authenticate method and bypassing the superclasses's implementation if the IP address matches a known IP address but this then only works when the sender of the request

问题 I have a single URL accessible through a servlet that I have locked down using Spring Security's DaoAuthenticationProvider. I now have the requirement that certain incoming IP addresses must be whitelisted and so are not requested to authenticate. I can hack around this easily enough by overriding DaoAuthenticationProvider's authenticate method and bypassing the superclasses's implementation if the IP address matches a known IP address but this then only works when the sender of the request

问题 I needed a custombinding on a WCF Service to allow me to pass raw content to WCFRest service. Works great, but I can't get it to accept transport level security. I want https and basicauthentication as I use elsewhere. Endpoint looks like this: <endpoint address="" behaviorConfiguration="web" contract="SmsService.ISmsReceive" binding="customBinding" bindingConfiguration="RawReceiveCapable"></endpoint> customBinding looks like this: <customBinding> <binding name="RawReceiveCapable"> <security

问题 Whenever I go to /admin/logout , I'm correctly redirected to the root of my project but still logged in when I visit /admin/ as I'm not prompted for credentials. Here is my configuration: security.yml security: firewalls: admin_area: pattern: ^/admin http_basic: ~ stateless: true switch_user: { role: ROLE_SUPER_ADMIN, parameter: _want_to_be_this_user } logout: { path: /admin/logout, target: / } AdminBundle/Resources/config/routing.yml logout: pattern: /logout app/config/routing.yml admin:

问题 In Apache HTTP Component 4 class org.apache.http.impl.auth.BasicScheme I noticed that the method: public static Header authenticate( final Credentials credentials, final String charset, final boolean proxy) Is deprecated with the following information: /** * Returns a basic <tt>Authorization</tt> header value for the given * {@link Credentials} and charset. * * @param credentials The credentials to encode. * @param charset The charset to use for encoding the credentials * * @return a basic

问题 In my Apache 2 config I have a VirtualHost which looks something like this: <VirtualHost *:80> ServerName sub.domain.com # username:password sent on to endpoint RequestHeader set Authorization "Basic dXNlcm5hbWU6cGFzc3dvcmQ==" ProxyPass /xyz http://192.168.1.253:8080/endpoint ProxyPassReverse /xyz http://192.168.1.253:8080/endpoint <Location /xyz> # This needs to let users through under the following circumstances # * They are in 192.168.1.0/24 # * They have a valid user in a htpasswd file #

问题 Using Dropwizard Authentication 0.9.0-SNAPSHOT I want to check the credentials against database user (UserDAO). I get the following exception ! org.hibernate.HibernateException: No session currently bound to execution context How to bind the session to the Authenticator? Or are there better ways to check against the database user? The Authenticator Class package com.example.helloworld.auth; import com.example.helloworld.core.User; import com.example.helloworld.db.UserDAO; import com.google

问题 I've created a self-hosted WCF REST service (with some extra's from WCF REST Starter Kit Preview 2). This is all working fine. I'm now trying to add Basic authentication to the service. But I'm hitting some rather large roadblocks in the WCF stack which is preventing me from doing this. It appears that the HttpListener (which self-hosted WCF services use internally at a low level in the WCF stack) is blocking my attempts to insert a WWW-Authenticate header on a self-generated 401 Unauthorized

问题 I'm trying to consume a remote Web service that uses HTTP basic authentication, using Apache CXF, within a JUnit test. The error I am getting is: javax.xml.ws.WebServiceException: Failed to access the WSDL at: http://localhost:8080/services/MyService?wsdl. It failed with: Server returned HTTP response code: 401 for URL: http://localhost:8080/services/MyService?wsdl. at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(RuntimeWSDLParser.java:151) at com.sun.xml.internal.ws.wsdl