java - サービスに接続するときにブラウザがログインとパスワードを要求する

Question

私のサービスでは、Waffle で Spring Security を使用しています。ローカルでサービスに接続すると (ブラウザーと Tomcat が同じコンピューターで起動されます)、すべてがうまく機能します (ブラウザーはログインとパスワードを要求しません)。別のコンピューターからサービスに接続すると、ブラウザーは常にログインとパスワードを要求します。

これは私のweb.xmlです：

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee" 
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
   http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
    <display-name>Struts 2 Spring Security 4</display-name>

    <!--SPRING SECURITY-->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-security/context.xml
        </param-value>
    </context-param>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter> 

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--SPRING SECURITY--> 

    <filter>
        <filter-name>SecurityFilter</filter-name>
        <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
        <init-param>
            <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
                <param-value>
                    Negotiate
                    NTLM                    
                </param-value>
        </init-param>
    </filter>

    <filter-mapping>
      <filter-name>SecurityFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>  


    <!-- Struts 2-->
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>/*</url-pattern>       
    </filter-mapping>    
    <!-- Struts 2-->

    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>

    <!-- Struts Tiles Listener -->
    <listener>
        <listener-class>
            org.apache.struts2.tiles.StrutsTilesListener
        </listener-class>
    </listener>
    <!-- Struts Tiles Listener -->

    <listener>
        <listener-class>
            ru.dpd.vms.pss.scheduler.SchedulerListener
        </listener-class>
    </listener>

    <context-param>
        <param-name>org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG</param-name>
        <param-value>
            /WEB-INF/tiles.xml
        </param-value>
    </context-param>    

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <session-config>
        <session-timeout>120</session-timeout>
    </session-config>

</web-app>

これは春のコンテキストです：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <sec:http   auto-config="true"
                use-expressions="true" 
                request-matcher="regex"
                entry-point-ref="negotiateSecurityFilterEntryPoint" >

        <sec:csrf disabled="true"/>

        <sec:custom-filter ref="waffleNegotiateSecurityFilter" before="BASIC_AUTH_FILTER" />
        <sec:custom-filter ref="customFilter" after="BASIC_AUTH_FILTER"/>


Here is some <sec:intercept-url/> 

    </sec:http>


    <bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">
        <constructor-arg ref="waffleWindowsAuthProvider" />
    </bean>

    <bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
    <constructor-arg>
        <list>
            <ref bean="negotiateSecurityFilterProvider" />
            <ref bean="basicSecurityFilterProvider" />               
        </list>
    </constructor-arg>
    </bean>

    <bean id="negotiateSecurityFilterProvider" class="waffle.servlet.spi.NegotiateSecurityFilterProvider">
        <constructor-arg ref="waffleWindowsAuthProvider" />
    </bean>

    <bean id="negotiateSecurityFilterEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint">
        <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
    </bean>


    <sec:authentication-manager alias="authenticationProvider">
        <sec:authentication-provider ref="waffleSpringAuthenticationProvider" />
    </sec:authentication-manager>


    <bean id="waffleWindowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />


    <bean id="waffleSpringAuthenticationProvider" class="waffle.spring.WindowsAuthenticationProvider">
        <property name="allowGuestLogin" value="false" />
        <property name="principalFormat" value="fqn" />
        <property name="roleFormat" value="both" />
        <property name="authProvider" ref="waffleWindowsAuthProvider" />

    </bean>

    <bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
        <property name="Provider" ref="waffleSecurityFilterProviderCollection" />
        <property name="AllowGuestLogin" value="false" />

        <property name="PrincipalFormat" value="fqn" />
        <property name="RoleFormat" value="both" />

    </bean>

    <bean id="customFilter" class="ru.yyy.vms.pss.ntlm.CustomFilter"></bean>
</beans>

アドバイスをいただければ幸いです。ありがとうございました。

1) ログイン ボックスをキャンセルするとどうなるか (スクリーンショット) 2) (おそらく偽の) 資格情報を入力するとどうなるか (スクリーンショット) この場合、サイトが表示されます。私はそれを公開したくありません。3) デバッガーの [ネットワーク] タブに表示されるもの (スクリーンショット + コピーされたプレーン テキスト)

Request URL: http://yyy/wyyy/welcome.do
Request Method: GET
Status Code: 200 OK
Remote Address: 10.239.254.213:8088
Referrer Policy: no-referrer-when-downgrade
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: text/html;charset=UTF-8
Date: Wed, 07 Nov 2018 07:07:08 GMT
Expires: 0
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=E9CCCF0A98F62D56A43EBC383D759DE8; Path=/wyyy/; HttpOnly
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==
Connection: keep-alive
Cookie: JSESSIONID=AA48EC52FF03298E8217D5A4DF9D3D73
Host: yyy
Upgrade-Insecure-Requests: 1

Request URL: http://yyy/wyyy/welcome.do
Request Method: GET
Status Code: 401 Unauthorized
Remote Address: 10.239.254.213:8088
Referrer Policy: no-referrer-when-downgrade
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Content-Language: en
Content-Length: 994
Content-Type: text/html;charset=utf-8
Date: Wed, 07 Nov 2018 07:15:14 GMT
Expires: 0
Pragma: no-cache
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="BasicSecurityFilterProvider"
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7
Connection: keep-alive
Cookie: JSESSIONID=657AC285B9FF43405FADD51026088F4D
Host: yyy
Upgrade-Insecure-Requests: 1