我正在使用Spring-security 4.0.4。
我试图设置响应头的安全配置如下 -
<sec:http use-expressions="true">
<sec:headers defaults-disabled="true"/>
</sec:http>
此设置用于禁用安全标头中的安全组件。
但是,如果完成此设置,则在服务器启动期间将引发以下异常。
Caused by: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute
根据错误,设置需要form-login才能与上述设置一起使用。有人可以告诉我为什么会这样吗?
答案 0 :(得分:5)
entry-point-ref(即未经身份验证的用户尝试访问安全资源而触发身份验证过程的地方)
您可以为实现AuthenticationEntryPoint的自己的入口点配置<http entry-point-ref="youOwnEntrypoint">
,如下面的配置
auto-config或者您可以将<http auto-config="true" >
设置为true,它会自动注册登录表单,BASIC身份验证和注销服务。
PostMethod:
Type: "AWS::ApiGateway::Method"
Properties:
AuthorizationType: "NONE"
ApiKeyRequired: "true"
HttpMethod: "POST"
ResourceId: !Ref "SomeResource"
RestApiId: !Ref "RestApi"
MethodResponses:
- StatusCode: 200
Integration:
Credentials: !GetAtt "RestApiRole.Arn"
IntegrationHttpMethod: "POST"
IntegrationResponses:
- StatusCode: 200
Type: "AWS"
Uri: !Sub "arn:aws:apigateway:${AWS::Region}:sqs:action/SendMessage"
RequestParameters:
integration.request.querystring.QueueUrl: !Sub "'${SomeQueue}'"
integration.request.querystring.MessageBody: "method.request.body"