使用Spring Boot 1.5.6.RELEASE我能够发送HTTP状态代码401而不是403,如How let spring security response unauthorized(http 401 code) if requesting uri without authentication所述,通过这样做:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//...
http.exceptionHandling()
.authenticationEntryPoint(new Http401AuthenticationEntryPoint("myHeader"));
//...
}
}
使用org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint类.
我刚刚升级到Spring Boot 2.0.0.RELEASE,发现不再有这样的课程了(至少在那个包中).
问:
Spring Boot中是否存在此类(Http401AuthenticationEntryPoint)?如果不是,那么在现有项目中保持相同行为以保持与依赖于此状态代码(401)而不是403的其他实现的一致性可能是一个很好的替代方案?
最佳答案
删除了类org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint,转而使用org.springframework.security.web.authentication.HttpStatusEntryPoint.
@H_301_29@在我的情况下,代码将是这样的:
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//...
http.exceptionHandling()
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
//...
}
}