Disable Redirect by Spring Security in Jersey Spring Boot Application
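I'm pulling my hair out. The environment is a JAX-RS (using Jersey) RESTful application configured via Spring Boot. I'm developing an orchestration layer which communicates with microservices. The orchestration layer uses RestTemplate to perform the calls to the microservices.
For some reason, when the orchestration service returns an error-level status code, Spring Security attempts to POST to http://localhost:65448/error. I have no idea who is doing this. I've turned up logging, traced through the code, scoured the internet, and read all the documentation... I can't identify which class is trying to do this. I can't stop it.
Here is the security bit of my Spring configuration (Groovy):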
    @Configuration
    @EnableWebSecurity
    @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
    class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
        @Inject
        private UserService userService

        @Inject
        private StatelessAuthenticationFilter statelessAuthenticationFilter

        void configure(WebSecurity web) throws Exception {
        }

        void configure(HttpSecurity http) throws Exception {
            http
                .anonymous().and()
                // .servletApi().and()
                .headers().cacheControl().and()
                .exceptionHandling().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .rememberMe().disable()
                .csrf().disable()
                .formLogin().disable()
                .httpBasic().disable()
                .jee().disable()
                .logout().disable()
                //.openidLogin().disable()
                .authorizeRequests()
                .filterSecurityInterceptorOncePerRequest(true)
                // Allow anonymous logins
                .antMatchers('/security/authc').permitAll()
                // All other request need to be authenticated
                .anyRequest().authenticated().and()
                // Custom Token based authentication based on the header previously given to the client
                .addFilterAfter(statelessAuthenticationFilter, BasicAuthenticationFilter)
        }

        void configure(AuthenticationManagerBuilder auth) {
            auth
                .userDetailsService(userService)
                .passwordEncoder(passwordEncoder())
        }

        @Bean
        PasswordEncoder passwordEncoder() {
            new BCryptPasswordEncoder()
        }

        @Bean
        AuthenticationManager authenticationManagerBean() {
            super.authenticationManagerBean()
        }
    }
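The test code performs a simple REST-based authentication by posting an Authorization header to the authc endpoint. This works as expected unless the orchestration service returns an error-level status code.
Here is the relevant logging: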
[2015-06-03 07:07:15.621] boot - 47784 INFO [qtp1012776440-21] --- LoggingFilter: 1 * Server has received a request on thread qtp1012776440-21
1 > POST http://localhost:65448/security/authc
1 > Accept: */*
1 > Accept-Encoding: gzip,deflate
1 > Authorization: bm90ZXhpc3RzOnRlc3RwYXNz
1 > Connection: keep-alive
1 > Content-Length: 0
1 > Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1
1 > Host: localhost:65448
1 > User-Agent: Apache-HttpClient/4.2.1 (java 1.5)
[2015-06-03 07:07:15.753] boot - 47784 INFO [qtp1012776440-21] --- LoggingFilter: 1 * Server responded with a response on thread qtp1012776440-21
1 < 400
[2015-06-03 07:07:15.757] boot - 47784 INFO [qtp1012776440-21] --- LoggingFilter: 2 * Server has received a request on thread qtp1012776440-21
2 > POST http://localhost:65448/error
2 > Accept: */*
2 > Accept-Encoding: gzip,deflate
2 > Authorization: bm90ZXhpc3RzOnRlc3RwYXNz
2 > Connection: keep-alive
2 > Content-Length: 0
2 > Content-Type: application/x-www-form-urlencoded; charset=ISO-8859-1
2 > Host: localhost:65448
2 > User-Agent: Apache-HttpClient/4.2.1 (java 1.5)
[2015-06-03 07:07:15.781] boot - 47784 INFO [qtp1012776440-21] --- LoggingFilter: 2 * Server responded with a response on thread qtp1012776440-21
2 < 404
2 < Content-Type: application/json
HTTP/1.1 404 Not Found
Date: Wed, 03 Jun 2015 11:07:15 GMT
Pragma: no-cache
X-Application-Context: Test:test:0
Content-Type: application/json
Transfer-Encoding: chunked
Server: Jetty(9.2.9.v20150224)
Please help before I throw my computer out the window.
Cheers
This is caused by ErrorMvcAutoConfiguration. You can disable it (by excluding it in the EnableAutoConfiguration annotation), or change its path with the property error.path (if you have a custom error path).
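Hi,
This is the default behaviour of Jetty when the server responds with a status code >= 400 (except 404) and the response has no entity. You can "disable" this behaviour by setting an empty list of error pages: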
    @Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                // Skip the redirect to /error
                // (Sets is Guava's com.google.common.collect.Sets)
                container.setErrorPages(Sets.<ErrorPage> newConcurrentHashSet());
            }
        };
    }
Even with this workaround, the server will still send the actual HTTP status with an XML body (see ErrorHandler).
The same goes for Undertow.
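To confirm from LoggingFilter output that a request to /error comes from the server itself and not from the client, the following added example (not code from the original posts) applies the conditions the answer above describes: a response with status >= 400 other than 404 and no entity, followed by a request to /error. The log lines are a constructed sample in the format shown in the question; treating a Content-Type response header as "has an entity", requiring the same thread and identical request headers, and the 50 ms window are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the LoggingFilter format shown in the question.
SAMPLE_LOG = """\
[2024-01-01 10:00:00.621] boot - 1000 INFO [qtp1-21] --- LoggingFilter: 1 * Server has received a request on thread qtp1-21
1 > POST http://localhost:8080/security/authc
1 > Authorization: constructed-token
[2024-01-01 10:00:00.753] boot - 1000 INFO [qtp1-21] --- LoggingFilter: 1 * Server responded with a response on thread qtp1-21
1 < 400
[2024-01-01 10:00:00.757] boot - 1000 INFO [qtp1-21] --- LoggingFilter: 2 * Server has received a request on thread qtp1-21
2 > POST http://localhost:8080/error
2 > Authorization: constructed-token
"""

EVENT = re.compile(r"^\[(?P<ts>[^\]]+)\].*LoggingFilter: (?P<id>\d+) \* Server "
                   r"(?P<kind>has received|responded).* on thread (?P<thread>\S+)$")
DETAIL = re.compile(r"^(?P<id>\d+) (?P<dir>[<>]) (?P<text>.*)$")

def parse(log):
    """Group request ('>') and response ('<') lines by LoggingFilter exchange id."""
    exchanges = {}
    for line in log.splitlines():
        m = EVENT.match(line)
        if m:
            ex = exchanges.setdefault(int(m["id"]), {"req": [], "resp": [], "thread": m["thread"]})
            when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            ex["t_req" if m["kind"] == "has received" else "t_resp"] = when
            continue
        m = DETAIL.match(line)
        if m and int(m["id"]) in exchanges:
            exchanges[int(m["id"])]["req" if m["dir"] == ">" else "resp"].append(m["text"])
    return exchanges

def find_error_dispatches(exchanges, window_ms=50):
    """Return (failed_id, status, error_id, gap_ms) for each suspected server-side re-dispatch."""
    hits, ids = [], sorted(exchanges)
    for a, b in zip(ids, ids[1:]):
        prev, nxt = exchanges[a], exchanges[b]
        ready = "t_resp" in prev and "t_req" in nxt and nxt["req"] and prev["resp"]
        if not ready or not prev["resp"][0].isdigit():
            continue
        status = int(prev["resp"][0])
        has_entity = any(h.lower().startswith("content-type:") for h in prev["resp"][1:])  # assumption
        gap_ms = (nxt["t_req"] - prev["t_resp"]) // timedelta(milliseconds=1)
        if (status >= 400 and status != 404 and not has_entity and 0 <= gap_ms <= window_ms
                and nxt["thread"] == prev["thread"] and nxt["req"][0].endswith("/error")
                and nxt["req"][1:] == prev["req"][1:]):  # same headers replayed
            hits.append((a, status, b, gap_ms))
    return hits
```

On the constructed sample, `find_error_dispatches(parse(SAMPLE_LOG))` reports exchange 2 as a follow-up to the 400 from exchange 1, 4 ms later on the same thread.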