在我的Spring应用程序中,如果用户未登录,我想返回401状态。我创建了一个自定义的AuthenticationEntryPoint来执行此操作:
@Component( "restAuthenticationEntryPoint" )
public class RestAuthenticationEntryPoint
implements AuthenticationEntryPoint {
@Override
public void commence(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
response.sendError( HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized" );
}
}
配置:
http.exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.anyRequest().authenticated();
问题是即使在成功验证后,也会始终调用commence()。这是为什么?