Spring Boot,Spring Security 返回状态 401 而不是 404,用于“未找到 HTTP 请求的映射”
[英]Spring Boot, Spring Security returns a status 401 instead of 404 for "no mapping found for HTTP request"
问题描述
I am having a project using Spring Boot and Spring Security.
我有一个使用 Spring Boot 和 Spring Security 的项目。 Spring Security validate the header with the session id for every request. Spring Security 使用每个请求的会话 ID 验证标头。 If the session id is invalid or expired, an error code 401 will be returned.如果 session id 无效或过期,将返回错误代码 401。 The session id is validated before it gets to the controller.会话 id 在它到达控制器之前被验证。
Now, I am facing an issue that if the user enters an invalid URL without a valid session id, still the response code is 401 because the session id is validated first.现在,我面临一个问题,如果用户输入一个没有有效会话 ID 的无效 URL,响应代码仍然是 401,因为会话 ID 首先被验证。 My expectation is that if the URL is invalid, an error code 404 (no mapping found for HTTP request) will be returned.我的期望是,如果 URL 无效,将返回错误代码 404(未找到 HTTP 请求的映射)。 In other words, I want to validate the URL before validating session id.换句话说,我想在验证会话 ID 之前验证 URL。
Is there any way to do so because the session id in the header is validated in the GenericFilterBean before it gets to the controller?有没有办法这样做,因为标头中的会话 ID 在到达控制器之前在 GenericFilterBean 中进行了验证?
Any help is appreciated.任何帮助表示赞赏。 Thank you.谢谢你。
2 个解决方案
解决方案1
0 2019-12-18 08:19:42
You can try to config access settings inside your WebSecurityConfigurerAdapter class.您可以尝试在 WebSecurityConfigurerAdapter 类中配置访问设置。
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/secure/**").authenticated()
.and()
.authorizeRequests().anyRequest().permitAll();
}
So the filter won't return HTTP 401 for any request which is not match "/secure/**" pattern.因此,过滤器不会为任何与“/secure/**”模式不匹配的请求返回 HTTP 401。
解决方案2
0 2020-12-28 16:00:07
Put this filter as the first filter in the Spring Security:将此过滤器作为 Spring Security 中的第一个过滤器:
public class NoHandlerFoundFilter extends OncePerRequestFilter {
private final DispatcherServlet dispatcherServlet;
public NoHandlerFoundFilter(DispatcherServlet dispatcherServlet) {
this.dispatcherServlet = dispatcherServlet;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
if (null == getHandler(request)) {
throw new NoHandlerFoundException(request.getMethod(), getRequestUri(request),
new ServletServerHttpRequest(request).getHeaders());
}
filterChain.doFilter(request, response);
}
private static String getRequestUri(HttpServletRequest request) {
String uri = (String) request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE);
if (uri == null) {
uri = request.getRequestURI();
}
return uri;
}
protected HandlerExecutionChain getHandler(HttpServletRequest request) {
if (dispatcherServlet.getHandlerMappings() != null) {
for (HandlerMapping mapping : dispatcherServlet.getHandlerMappings()) {
try {
HandlerExecutionChain handler = mapping.getHandler(request);
if (handler != null) {
return handler;
}
} catch (Exception ex) {
// Ignore
}
}
}
return null;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.