可能有很多方法可以发生这种情况。在我的情况下,它发生是因为我的约束没有角色集。此代码生成 403:
private void secureServlet(ServletContextHandler handler) {
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
security.setRealmName(this.realm);
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(new WebLoginService(this.engine));
Constraint constraint = new Constraint();
constraint.setName(Constraint.__BASIC_AUTH);
//constraint.setRoles(new String[]{"user"});
constraint.setAuthenticate(true);
ConstraintMapping mapping = new ConstraintMapping();
mapping.setConstraint(constraint);
mapping.setPathSpec("/*");
security.addConstraintMapping(mapping);
handler.setSecurityHandler(security);
}
在角色行中评论将提示码头以 401:s 代替。