AuthorizationServerSecurityConfigurer 中的 realm 方法的目的是什么?
What is the purpose of the realm method in AuthorizationServerSecurityConfigurer?
查看 AuthorizationServerSecurityConfigurer 的(实际上不存在的)文档,我没有看到 realm 方法的任何描述。它的目的是什么?
我在网上看到一个例子是这样使用的,但是没有任何描述,所以我还是不确定
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer
.realm(RESOURCE_ID + "/client")
.accessDeniedHandler(accessDeniedHandler)
.authenticationEntryPoint(entryPoint);
}
AuthorizationServerSecurityConfigurer的realm方法源码为:
public AuthorizationServerSecurityConfigurer realm(String realm) {
this.realm = realm;
return this;
}
此方法的唯一目标是在 HTTP/1.1:
的意义上定义 领域
The "realm" authentication parameter is reserved for use by
authentication schemes that wish to indicate a scope of protection. [...] These realms allow the protected
resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization
database.
另见 What is the "realm" in basic authentication
查看 AuthorizationServerSecurityConfigurer 的(实际上不存在的)文档,我没有看到 realm 方法的任何描述。它的目的是什么?
我在网上看到一个例子是这样使用的,但是没有任何描述,所以我还是不确定
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer
.realm(RESOURCE_ID + "/client")
.accessDeniedHandler(accessDeniedHandler)
.authenticationEntryPoint(entryPoint);
}
AuthorizationServerSecurityConfigurer的realm方法源码为:
public AuthorizationServerSecurityConfigurer realm(String realm) {
this.realm = realm;
return this;
}
此方法的唯一目标是在 HTTP/1.1:
的意义上定义 领域The "realm" authentication parameter is reserved for use by authentication schemes that wish to indicate a scope of protection. [...] These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database.
另见 What is the "realm" in basic authentication