我正在使用Spring Boot Security通过LDAP为应用程序验证用户身份。默认情况下,此配置会将未经授权的用户重定向到登录页面。我想调整这个配置来实现两件事:
我该怎么做?我已经看到一些其他问题给了我提示,但我仍然无法弄清楚。
这篇文章的最佳答案似乎很相关,但他链接到这样做的XML方法。我想用Java做。 Spring Security - need 403 error, not redirect
任何帮助将不胜感激!
这是我目前的设置:
WebSecurityConfig.java
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**").permitAll()
.anyRequest().authenticated();
http
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/", true)
.permitAll()
.and()
.httpBasic()
.and()
.csrf().disable()
.logout()
.logoutSuccessUrl("/login");
}
答案 0 :(得分:1)
找到一个似乎有效的解决方案(到目前为止,至少)
@Bean
public AuthenticationEntryPoint delegatingEntryPoint() {
final LinkedHashMap<RequestMatcher, AuthenticationEntryPoint> map = new LinkedHashMap();
map.put(new AntPathRequestMatcher("/"), new LoginUrlAuthenticationEntryPoint("/login"));
map.put(new AntPathRequestMatcher("/api_v1/**"), new Http403ForbiddenEntryPoint());
final DelegatingAuthenticationEntryPoint entryPoint = new DelegatingAuthenticationEntryPoint(map);
entryPoint.setDefaultEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"));
return entryPoint;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//delegates based on url (api vs root)
http.exceptionHandling().authenticationEntryPoint(delegatingEntryPoint());
http
.authorizeRequests()
.antMatchers("/css/**").permitAll()
.anyRequest().authenticated();
http
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/", true)
.permitAll()
.and()
.httpBasic()
.and()
.csrf().disable()
.logout()
.logoutSuccessUrl("/login");
}
希望这有助于某人前进。我知道我花了很长时间才找到答案。 :)