为了摆脱WhiteLabel错误页面,我实现了一个CustomErrorController:
@RestController
public class CustomErrorController implements ErrorController {
private static final String PATH = "/error";
private final CustomErrorAttributes customErrorAttributes;
@Value("${debug}")
private boolean debug;
@Autowired
public CustomErrorController(CustomErrorAttributes customErrorAttributes) {
this.customErrorAttributes = customErrorAttributes;
}
@Override
public String getErrorPath() {
return PATH;
}
@RequestMapping(value = PATH)
ResponseEntity<Map<String, Object>> error(HttpServletRequest request) {
RequestAttributes requestAttributes = new ServletRequestAttributes(request);
Map<String, Object> map = customErrorAttributes.getErrorAttributes(requestAttributes, debug);
return ResponseEntity.badRequest().body(map);
}
}
但是这样的配置破坏了我的基本身份验证实现。我没有看到一个登录/密码弹出窗口,而是跟随我提出的每个请求:
{
"error": "Unauthorized",
"message": "Full authentication is required to access this resource",
"status": 401,
"timestamp": 1513332317263
}
如何仅针对错误请求保留错误?
我的WebSecurityConfigurerAdapter配置方法如下所示:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.csrf().disable()
.httpBasic();
}