春季启动宁静服务禁用Chrome登录弹出窗口 [英] spring boot restful service disable Chrome login popup

问题描述

我正在用Angular前端构建一个安静的web服务。如果用户使用错误凭证登录，Chrome浏览器会自动显示登录弹出窗口。我想通过回应代码403而不是401来防止这种情况发生。

我已经评论[这个问题] [1]，它对我的​​用例没有帮助。我也尝试过在谷歌上找到不同的解决方案，但在所有情况下，都会给401登录弹出窗口。

解决方案

使用最新的Spring版本，用于处理认证的配置已更改。出于这个原因，大多数教程不再工作。这里是工作配置：

SecurityConfig.java：

  @配置
 @EnableWebSecurity 
公共类SecurityConfig扩展WebSecurityConfigurerAdapter {
 
 @Autowired 
 private CustomAuthenticationEntryPoint authenticationEntryPoint; 
 
 @Override 
 protected void configure（HttpSecurity http）抛出异常{
 http 
 // .... 
 //。和（）$ b $ .httpBasic（）。authenticationEntryPoint（authenticationEntryPoint）
 .and（）。csrf（）。disable（）; 
 
 
 
 
 $ b 
 CustomAuthenticationAntryPoint.java：
 
 
  @Component 
 public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
 
 private final Logger log = LoggerFactory.getLogger（CustomAuthenticationEntryPoint.class） ; 
 $ b @Override 
 public void starts（HttpServletRequest httpServletRequest，HttpServletResponse httpServletResponse，AuthenticationException e）抛出IOException，ServletException {
 log.debug（预先验证的入口点被调用。拒绝访问）; 
 httpServletResponse.sendError（HttpServletResponse.SC_FORBIDDEN，Bad credentials）; 
} 
} 
  
 
I am building a restful web service with an Angular front end. If the users log in with wrong credentials, the Chrome browser automatically shows a login popup. I want to prevent this by responding to code 403 instead of 401. 

i have review [this question][1] and it does not help with my use case. I have also tried different solutions found on google, but in all cases is stays giving 401 with the login popup. 
解决方案
With the newest Spring versions, the configuration to handle authentication has changed. For this reason most tutorials do not work anymore. here is the working configuration:

SecurityConfig.java:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationEntryPoint authenticationEntryPoint;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            //....
            //.and()
            .httpBasic().authenticationEntryPoint(authenticationEntryPoint)
            .and().csrf().disable();
    }
}
CustomAuthenticationAntryPoint.java:
@Component
public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private final Logger log = LoggerFactory.getLogger(CustomAuthenticationEntryPoint.class);

    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        log.debug("Pre-authenticated entry point called. Rejecting access");
        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Bad credentials");
    }
}


                        
这篇关于春季启动宁静服务禁用Chrome登录弹出窗口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！