Spring Boot, Spring Security returns a status 401 instead of 404 for "no mapping found for HTTP request"

I have a project using Spring Boot and Spring Security. Spring Security validates the header with the session id for every request. If the session id is invalid or expired, an error code 401 will be returned. The session id is validated before it gets to the controller.

Now, I am facing an issue: if the user enters an invalid URL without a valid session id, the response code is still 401 because the session id is validated first. My expectation is that if the URL is invalid, an error code 404 (no mapping found for HTTP request) will be returned. In other words, I want to validate the URL before validating the session id.

Is there any way to do so because the session id in the header is validated in the GenericFilterBean before it gets to the controller?

Any help is appreciated. Thank you.

You can try to configure the access settings inside your WebSecurityConfigurerAdapter class.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/secure/**").authenticated()
        .and()
        .authorizeRequests().anyRequest().permitAll();
}

So the filter won't return HTTP 401 for any request which does not match the "/secure/**" pattern.

Put this filter as the first filter in Spring Security:

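import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.http.server.ServletServerHttpRequest;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.servlet.DispatcherServlet;
import org.springframework.web.servlet.HandlerExecutionChain;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.servlet.NoHandlerFoundException;
import org.springframework.web.util.WebUtils;

// Rejects requests that no HandlerMapping can serve before the rest of the chain runs.
public class NoHandlerFoundFilter extends OncePerRequestFilter {

  private final DispatcherServlet dispatcherServlet;

  public NoHandlerFoundFilter(DispatcherServlet dispatcherServlet) {
    this.dispatcherServlet = dispatcherServlet;
  }

  @Override
  protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    // No mapping for this request: fail here instead of continuing to the session check.
    if (null == getHandler(request)) {
      throw new NoHandlerFoundException(request.getMethod(), getRequestUri(request),
          new ServletServerHttpRequest(request).getHeaders());
    }
    filterChain.doFilter(request, response);
  }

  // Use the include URI when the request is a servlet include, otherwise the plain request URI.
  private static String getRequestUri(HttpServletRequest request) {
    String uri = (String) request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE);
    if (uri == null) {
      uri = request.getRequestURI();
    }
    return uri;
  }

  // Ask each HandlerMapping of the DispatcherServlet in turn; the first non-null handler wins.
  protected HandlerExecutionChain getHandler(HttpServletRequest request) {
    if (dispatcherServlet.getHandlerMappings() != null) {
      for (HandlerMapping mapping : dispatcherServlet.getHandlerMappings()) {
        try {
          HandlerExecutionChain handler = mapping.getHandler(request);
          if (handler != null) {
            return handler;
          }
        } catch (Exception ex) {
          // Ignore: a mapping that fails on this request is treated as "no handler" and the next one is tried
        }
      }
    }
    return null;
  }
}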
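
One way to register the filter above ahead of the session check, as an added example that is not part of the original answers. It assumes NoHandlerFoundFilter is in the same package, that the session-id filter is registered later in the chain than ChannelProcessingFilter, and the class name SecurityConfig and the anyRequest() rule are placeholders.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.web.servlet.DispatcherServlet;

// Hypothetical configuration class; only the addFilterBefore call is the point here.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  private final DispatcherServlet dispatcherServlet;

  // The DispatcherServlet bean is injected so the filter can query its HandlerMappings.
  public SecurityConfig(DispatcherServlet dispatcherServlet) {
    this.dispatcherServlet = dispatcherServlet;
  }

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        // ChannelProcessingFilter sits near the head of Spring Security's filter order,
        // so a filter added before it runs ahead of filters registered later in the
        // chain (assumed here to include the session-id GenericFilterBean).
        .addFilterBefore(new NoHandlerFoundFilter(dispatcherServlet), ChannelProcessingFilter.class)
        // Placeholder rule: keep whatever authorization rules the application already has.
        .authorizeRequests()
        .anyRequest().authenticated();
  }
}
```

Because the filter throws NoHandlerFoundException outside the DispatcherServlet, Spring MVC exception handlers never see it, so check which status the servlet container's error handling actually returns. With the mapping check ahead of authentication, an unauthenticated client can tell existing routes (401) from missing ones (404), which is worth weighing before enabling this.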
