如何在没有XML配置的情况下定义自定义AuthenticationEntryPoint [英] How to define a custom AuthenticationEntryPoint without XML configuration

问题描述

我已经挣扎了好几天了。我是Spring Boot的新手，并且喜欢不使用XML配置。

I've been struggling for a few days now. I'm kind of new in Spring Boot, and like the idea of not using XML configuration.

我创建了一个RESTfull应用程序（带有JSON）。我正在关注本教程正确配置身份验证。

I created a RESTfull application (with JSON). I'm following this tutorial to configure authentication properly.

我认为我设法使用Java配置重现几乎所有配置，除了一个事物 - AuthenticationEntryPoint

I think I managed to reproduce almost all of its configurations using Java configuration, except for one thing - AuthenticationEntryPoint

本教程使用 http 这样标记，并按以下方式定义 formLogin ：

The tutorial uses a property in http tag like this and defines a formLogin in the following way:

<http entry-point-ref="restAuthenticationEntryPoint">

  <intercept-url pattern="/api/admin/**" access="ROLE_ADMIN"/>

  <form-login
     authentication-success-handler-ref="mySuccessHandler"
     authentication-failure-handler-ref="myFailureHandler"
  />

  <logout />

</http>

AuthenticationEntryPoint 说明docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/#ns-entry-point-refrel =nofollow noreferrer> Spring Security手册说：

The AuthenticationEntryPoint explanation in the Spring Security manual says:

可以使用<上的entry-point-ref属性设置AuthenticationEntryPoint。 http> element。

AuthenticationEntryPoint can be set using the entry-point-ref attribute on the < http > element.

未提及有关如何使用Java配置执行此操作的信息。

Doesn't mention anything about how to do it using Java Configuration.

那么如何在没有XML的情况下注册我自己的 restAuthenticationEntryPoint ，以防止在使用 formLogin ？

So how can I "register" my own restAuthenticationEntryPoint without XML in order to prevent the redirection to a login form when using formLogin?

下面我将提到我的尝试。

Below I will mention what I have tried.

谢谢大家。

在我的尝试中，发现你可以使用 basicAuth 来定义它：

In my attempts, found you can define it using basicAuth like this:

@Configuration
@Order(1)                                                        
public static class RestWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {


        if (restAuthenticationEntryPoint == null) {
            restAuthenticationEntryPoint = new RestAuthenticationEntryPoint();
        }

        http
            .authorizeRequests()
                .antMatchers("/**").hasAnyRole(Sec.ADMIN,Sec.SUPER_USER)
...
        .and()
            .httpBasic()
                .authenticationEntryPoint(restAuthenticationEntryPoint)

但我正在使用这样的表单登录（没有 httpBasic 部分）：

But I'm using a form login like this (without the httpBasic part):

        .and()
            .formLogin()
                .successHandler(mySavedRequestAwareAuthenticationSuccessHandler)
                .failureHandler(simpleUrlAuthenticationFailureHandler)

问题是当它没有收到凭据时会重定向到登录表单。由于这是一个REST服务，它不应该。

The problem is it redirects to a login form when it doesn't receive credentials. Since this is a REST service it shouldn't.

FormLoginConfigurer 文档 >（类 .formLogin（）使用）说：

创建的共享对象

Shared Objects Created

填充以下共享对象

AuthenticationEntryPoint

但无法找到覆盖它的方法。

有什么想法吗？

But couldn't find a way to override it.
Any ideas?

PS

不要认为将登录表格覆盖到以下是个好主意一个只返回错误的自定义。

P.S.
Don't think it would be a good idea to override the login form to a custom one that only returns the error.

推荐答案

您提供的参考文档中的引用指向 http.exceptionHandling（）。您可以在那里设置共享入口点。

The quote from the ref docs you provided is pointing you at http.exceptionHandling(). You can set up the shared entry point there.

http.exceptionHandling().authenticationEntryPoint(myEntryPoint);

这篇关于如何在没有XML配置的情况下定义自定义AuthenticationEntryPoint的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！