如何在Spring服务器配置中禁用“Authentification required popup”?

时间:2017-01-10 13:42:39

标签: spring browser spring-security basic-authentication restful-authentication

路由/gateways需要身份验证 在浏览器中访问/gateways后,我被重定向到/login,并显示以下表单:

enter image description here

如果从angular2应用程序访问/gateways,则会显示以下弹出窗口:

enter image description here

我的春季安全配置如下:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    private static String REALM="Authentication";

    @Autowired
    public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {

        auth.inMemoryAuthentication().withUser("cris").password("123").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("felix").password("felix123").roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http

                .httpBasic()

                .and()
                .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())

                .and()
                .formLogin()

                .and()
                .authorizeRequests()
                .antMatchers("/user", "/vehicles", "/signin", "/isautheticated").permitAll().anyRequest()
                .authenticated();
    }

 // Access-Control-Allow-Origin header to be present
    @Bean
    public WebMvcConfigurer corsConfigurer() {
        return new WebMvcConfigurerAdapter() {
            @Override
            public void addCorsMappings(CorsRegistry registry) {
                registry.addMapping("/**");
            }
        };
    }

    /* To allow Pre-flight [OPTIONS] request from browser */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(HttpMethod.OPTIONS, "/**");
    }

那么如何禁用弹出窗口?

2 个答案:

答案 0 :(得分:1)

您应在配置中指定formLogin()而不是httpBasic()。你的配置方法应该是这样的。

@Override
protected void configure(HttpSecurity http) throws Exception {

    http

            .formLogin()
                .loginPage("/login");

            .and()
            .csrf()
            .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())

            .and()
            .formLogin()

            .and()
            .authorizeRequests()
            .antMatchers("/user", "/vehicles", "/signin", "/isautheticated").permitAll().anyRequest()
            .authenticated();
}

答案 1 :(得分:0)

我认为来自angular2的请求正在使用无效的Authorization基本标头,它由BasicAuthenticationFilter处理,并且它抛出AuthenticationException,并开始进入入口点。 您可以实现自己的实现AuthenticationEntryPoint的入口点,然后注入BasicFilter,默认入口点为BasicAuthenticationEntryPoint。如您所见,它将返回WWW-Authenticate响应标头。

public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        response.addHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                authException.getMessage());
    }
相关问题
最新问题