问题描述

我已经挣扎了好几天了。我是Spring Boot的新手，并且喜欢不使用XML配置。

I've been struggling for a few days now. I'm kind of new in Spring Boot, and like the idea of not using XML configuration.

我创建了一个RESTfull应用程序（带有JSON）。我正在关注正确配置身份验证。

I created a RESTfull application (with JSON). I'm following this tutorial to configure authentication properly.

我认为我设法使用Java配置重现几乎所有配置，除了一个事物 - AuthenticationEntryPoint

I think I managed to reproduce almost all of its configurations using Java configuration, except for one thing - AuthenticationEntryPoint

本教程使用 http 这样标记，并按以下方式定义 formLogin ：

The tutorial uses a property in http tag like this and defines a formLogin in the following way:

<http entry-point-ref="restAuthenticationEntryPoint">

  <intercept-url pattern="/api/admin/**" access="ROLE_ADMIN"/>

  <form-login
     authentication-success-handler-ref="mySuccessHandler"
     authentication-failure-handler-ref="myFailureHandler"
  />

  <logout />

</http>

说：

The AuthenticationEntryPoint explanation in the Spring Security manual says:

未提及有关如何使用Java配置执行此操作的信息。

Doesn't mention anything about how to do it using Java Configuration.

那么如何在没有XML的情况下注册我自己的 restAuthenticationEntryPoint ，以防止在使用 formLogin ？

So how can I "register" my own restAuthenticationEntryPoint without XML in order to prevent the redirection to a login form when using formLogin?

下面我将提到我的尝试。

Below I will mention what I have tried.

谢谢大家。

在我的尝试中，发现你可以使用 basicAuth 来定义它：

In my attempts, found you can define it using basicAuth like this:

@Configuration
@Order(1)                                                        
public static class RestWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {


        if (restAuthenticationEntryPoint == null) {
            restAuthenticationEntryPoint = new RestAuthenticationEntryPoint();
        }

        http
            .authorizeRequests()
                .antMatchers("/**").hasAnyRole(Sec.ADMIN,Sec.SUPER_USER)
...
        .and()
            .httpBasic()
                .authenticationEntryPoint(restAuthenticationEntryPoint)

但我正在使用这样的表单登录（没有 httpBasic 部分）：

But I'm using a form login like this (without the httpBasic part):

        .and()
            .formLogin()
                .successHandler(mySavedRequestAwareAuthenticationSuccessHandler)
                .failureHandler(simpleUrlAuthenticationFailureHandler)

问题是当它没有收到凭据时会重定向到登录表单。由于这是一个REST服务，它不应该。

The problem is it redirects to a login form when it doesn't receive credentials. Since this is a REST service it shouldn't.

>（类 .formLogin（）使用）说：

填充以下共享对象

AuthenticationEntryPoint

但无法找到覆盖它的方法。

有什么想法吗？

But couldn't find a way to override it.
Any ideas?

PS

不要认为将登录表格覆盖到以下是个好主意一个只返回错误的自定义。

P.S.
Don't think it would be a good idea to override the login form to a custom one that only returns the error.

推荐答案

您提供的参考文档中的引用指向 http.exceptionHandling（）。您可以在那里设置共享入口点。

The quote from the ref docs you provided is pointing you at http.exceptionHandling(). You can set up the shared entry point there.

http.exceptionHandling().authenticationEntryPoint(myEntryPoint);