在我的项目中,我需要更改authenticationEntryPoint,因为我正在使用OAuth 2,该重定向将每个未授权用户重定向到通过Google页面登录,因此我想为每个试图打开安全页面的未授权用户简单地发送403 Forbidden。我创建了自定义AuthenticationEntryPoint:
public class ForbiddenEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN,"Pls,authorize! ");
}
}
这是我的安全配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableOAuth2Sso
public class SecurityConfig extends WebSecurityConfigurerAdapter {
.....
@Override
public void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests()//
.antMatchers("/user/login").permitAll()
.anyRequest().authenticated();
http.exceptionHandling().authenticationEntryPoint(new ForbiddenEntryPoint());
http.apply(new JwtFilterConfiguer(provider));
}
.....
但是问题是当我打开任何页面(甚至用户/登录名)时,我都被禁止了,请授权。我只希望以未授权用户身份打开安全页面时授权端点工作。怎么做呢?谢谢。