[英]Why is Spring performing POST request to the registered error page?
My Spring Boot application serves POST requests at the login endpoint http://server.org/users/login
, which may result in a 401 error. 我的Spring Boot应用程序在登录端点http://server.org/users/login
提供POST请求,这可能会导致401错误。 In this case, Spring is performing another POST request to the registered error page, whereas I expected a GET request to be performed always. 在这种情况下,Spring正在对已注册的错误页面执行另一个POST请求,而我希望始终执行GET请求。 Is it possible to alter this behaviour? 有可能改变这种行为吗?
EDIT : 编辑 :
I am using the following code to configure my error page: 我正在使用以下代码来配置我的错误页面:
@Bean
public EmbeddedServletContainerCustomizer containerCustomizer() {
return (container -> {
ErrorPage error401Page = new ErrorPage(HttpStatus.UNAUTHORIZED, "/weblogin");
ErrorPage error404Page = new ErrorPage(HttpStatus.NOT_FOUND, "/404.html");
ErrorPage error500Page = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/500.html");
container.addErrorPages(error401Page, error404Page, error500Page);
});
}
When I call http://server.org/users/login
using eg a form, the procedure is the following: 当我使用例如表单调用http://server.org/users/login
,过程如下:
1) POST request is issued to the Server at http://server.org/users/login
1)POST请求发布到服务器, http://server.org/users/login
为http://server.org/users/login
2) Login credentials are invalid, error page 401 should be returned 2)登录凭据无效,应返回错误页面401
3) Here I am not sure what happens next, Spring tells me in the logs that another POST request is performed to /weblogin
. 3)在这里我不确定接下来会发生什么,Spring在日志中告诉我对/weblogin
执行了另一个POST请求。 If I don't specify a custom error page, a POST request is performed to /error
: 如果我未指定自定义错误页面,则会对/error
执行POST请求:
2016-11-19 20:10:38,827 [http-nio-80-exec-3] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcherServlet' processing POST request for [/weblogin]
2016-11-19 20:10:38,828 [http-nio-80-exec-3] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /weblogin
I believe you're using FromLogin
on your security configuration. 我相信您正在安全配置上使用FromLogin
。
It would be simpler if you just: 如果您只是:
formLogin()
.failureUrl("/my_failure_url")
.failureHandler(authenticationFailureHandler);
use a failure URL to navigate to your URL page on error, or/and write your on authentication handler which will be triggered on from login failure. 使用失败的URL导航到错误的URL页面,或/和编写将在登录失败时触发的on身份验证处理程序。
That bean should implements AuthenticationFailureHandler
interface and should be marked as bean using @Bean
or @Component
, on that bean all you have to do is to implement your logic: 该bean应该实现AuthenticationFailureHandler
接口,并应使用@Bean
或@Component
将其标记为bean,您所需要做的就是实现您的逻辑:
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException authEx)
throws IOException, ServletException {
// TODO Auto-generated method stub
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.