我想将spring安全配置从xml转换为java config。 几乎没有完成,最后一个问题是AuthenticationEntryPoint。 HttpSecurity中的设置将被忽略。
我使用Spring security 3.2.0.M2
Snipped of SecurityConfig.class
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterAfter(httpPayloadFilter(), ChannelProcessingFilter.class)
.addFilterAfter(httpRestLoginFilter(), SecurityContextPersistenceFilter.class)
.authorizeUrls()
.antMatchers("/**").hasRole("USER")
.antMatchers("/secure/clientident/**").hasRole("REQUESTVALID")
.and()
.httpBasic().authenticationEntryPoint(delegatingAuthenticationEntryPoint());
}
@Bean
public DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint() {
ELRequestMatcher matcher = new ELRequestMatcher("hasHeader('user-agent', 'Mozilla') or " +
"hasHeader('user-agent', 'Chromium') or " +
"hasHeader('user-agent', 'Chrome') or " +
"hasHeader('user-agent', 'Safari')");
LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> map =
new LinkedHashMap<RequestMatcher, AuthenticationEntryPoint>();
map.put(matcher, new BasicAuthenticationEntryPoint());
DelegatingAuthenticationEntryPoint delegatingAuthenticationEntryPoint = new DelegatingAuthenticationEntryPoint(map);
delegatingAuthenticationEntryPoint.setDefaultEntryPoint(new Http403ForbiddenEntryPoint());
return delegatingAuthenticationEntryPoint;
}
我总是在客户端获得“HTTP 403”(猜测Http403ForbiddenEntryPoint)。 我也尝试过一个更简单的配置,而没有委托像身份验证这样的。
.httpBasic().authenticationEntryPoint(new BasicAuthenticationEntryPoint())
这也行不通。 有谁知道我做错了什么?
添加:
应该锁定得更好。找到关于这个问题的另一篇文章
need spring security java config example showing basic auth only
票证SEC-2198也已被放置。
当前的解决方法。
.exceptionHandling()
.authenticationEntryPoint(delegatingAuthenticationEntryPoint())
.and()
.httpBasic();