With Spring Boot 1.3 there is an autoconfiguration for Oauth2 in Spring Boot.
There is a spring guide which provides a few nice examples, but i want to achieve a different solution. My problem bases on the provided click example. I want to be redirected to the authorization server after visiting the "/login" endpoint. If i request a protected resource without authentication i want to get a 401 (Unauthorized) instead of instant a redirect (302) to the authorization uri.
This is Java code of the click example
@SpringBootApplication
@EnableOAuth2Sso
@RestController
public class SocialApplication extends WebSecurityConfigurerAdapter {
@RequestMapping("/user")
public Principal user(Principal principal) {
return principal;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**")
.permitAll()
.anyRequest()
.authenticated();
}
public static void main(String[] args) {
SpringApplication.run(SocialApplication.class, args);
}
}
I tried adding a custom AuthenticationEntryPoint but it seems that this is just ignored :(
What i tried:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers("/", "/login**", "/webjars/**")
.permitAll()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new Http401AuthenticationEntryPoint("Session realm=\"JSESSIONID\""));
}
The full source code of the click example can be found on github .
Is it possible to achieve a 401 instead of the redirect?
Until spring-boot 1.3.0 it was impossible to do so due to an issue in the order of applying custom configurers when using this combination (see #4629 for further resolution ).
Starting with spring-boot 1.3.1 the request header X-Requested-With: XMLHttpRequest
signals that the caller prefers a 401 Unauthorized
over a 302 Found
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.