春季安全性:BadCredendtials异常未由链处理且未返回401

时间:2019-03-22 13:41:35

标签: java spring spring-security jwt

早上好

我正在关注this tutorial,以便使jwt令牌可以使用spring security。

*我的环境版本* 春季靴:2.0.1发布

Spring安全配置 

@Override
protected void configure(final HttpSecurity http) throws Exception {
    http
            .cors().configurationSource(request -> getCorsConfiguration())
            .and()
            .sessionManagement()
            .sessionCreationPolicy(STATELESS)
            .and()
            .exceptionHandling()
            .defaultAuthenticationEntryPointFor(forbiddenEntryPoint(), PROTECTED_URLS)
            .and()
            .authenticationProvider(provider)
            .addFilterBefore(restAuthenticationFilter(), AnonymousAuthenticationFilter.class)
            .authorizeRequests()
            .requestMatchers(PROTECTED_URLS)
            .authenticated()
            .and()
            .csrf().disable()
            .formLogin().disable()
            .httpBasic().disable()
            .logout().disable();
}
@Bean
TokenAuthenticationFilter restAuthenticationFilter() throws Exception {
    final TokenAuthenticationFilter filter = new TokenAuthenticationFilter(PROTECTED_URLS);
    filter.setAuthenticationManager(authenticationManager());
    filter.setAuthenticationSuccessHandler(successHandler());
    return filter;
}

@Bean
SimpleUrlAuthenticationSuccessHandler successHandler() {
    final SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler();
    successHandler.setRedirectStrategy((HttpServletRequest request, HttpServletResponse response, String url) -> {
        // no redirection strategy
    });
    return successHandler;
}

/**
 * Disable Spring boot automatic filter registration.
 */
@Bean
FilterRegistrationBean disableAutoRegistration(final TokenAuthenticationFilter filter) {
    final FilterRegistrationBean registration = new FilterRegistrationBean(filter);
    registration.setEnabled(false);
    return registration;
}

@Bean
AuthenticationEntryPoint forbiddenEntryPoint() {
    return new HttpStatusEntryPoint(FORBIDDEN);
}

上下文:

如果令牌与预期不符,令牌认证过滤器将引发BadCredentialsException。

预期行为:

弹簧链将捕获此错误,并将401错误返回给用户。

当前行为:

服务器崩溃,出现500错误。 Spring Security无法处理该错误。

0 个答案:

没有答案
相关问题
最新问题