Java 从Spring Boot中的基本身份验证中删除WWW authenticate标头
我正在使用SpringBoot设计RESTAPI。同时,我正在构建一个使用该API的SPA 为了安全起见,我选择了basicauth,它很容易设置。我现在面临的是401挑战问题。当我的SPA向我的API发出请求时,如果身份验证失败,浏览器将显示我想要删除的经典登录弹出窗口 当401响应还包含一个值为“Basic”的WWW authenticate标头时,我阅读并显示了这个弹出窗口 因此,根据Spring Security的说法,要删除此项,我将提供自己的AuthenticationEntryPoint。有点像默认情况下的Spring Boot。我尝试了这个方法,但不起作用,我在运行时得到了一个堆栈。有什么想法吗 这是我的密码Java 从Spring Boot中的基本身份验证中删除WWW authenticate标头,java,spring,authentication,spring-security,spring-boot,Java,Spring,Authentication,Spring Security,Spring Boot,我正在使用SpringBoot设计RESTAPI。同时,我正在构建一个使用该API的SPA 为了安全起见,我选择了basicauth,它很容易设置。我现在面临的是401挑战问题。当我的SPA向我的API发出请求时,如果身份验证失败,浏览器将显示我想要删除的经典登录弹出窗口 当401响应还包含一个值为“Basic”的WWW authenticate标头时,我阅读并显示了这个弹出窗口 因此,根据Spring Security的说法,要删除此项,我将提供自己的AuthenticationEntryPo
@Order(SecurityProperties.BASIC_AUTH_ORDER)
@Configuration
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
AuthenticationEntryPoint entryPoint = new CustomAuthenticationEntryPoint();
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.regexMatchers("/api/.*").authenticated().and()
.httpBasic().authenticationEntryPoint(entryPoint).and()
.exceptionHandling().authenticationEntryPoint(entryPoint).and()
.csrf().disable();
}
}
mvn spring boot:run运行时得到的堆栈
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.boot.maven.AbstractRunMojo$LaunchRunner.run(AbstractRunMojo.java:467)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:838)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:537)
at org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:118)
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752)
at org.springframework.boot.SpringApplication.doRun(SpringApplication.java:347)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:295)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1112)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1101)
at org.htulipe.WishlistApplication.main(WishlistApplication.java:44)
... 6 more
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588)
... 26 more
Caused by: org.springframework.security.config.annotation.AlreadyBuiltException: This object has already been built
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:44)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$7d149fcb.CGLIB$springSecurityFilterChain$6(<generated>)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$7d149fcb$$FastClassBySpringCGLIB$$208d4287.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:318)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$7d149fcb.springSecurityFilterChain(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
... 27 more
java.lang.reflect.InvocationTargetException
在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)处
位于sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
在sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)中
位于java.lang.reflect.Method.invoke(Method.java:497)
位于org.springframework.boot.maven.AbstractRunMojo$LaunchRunner.run(AbstractRunMojo.java:467)
运行(Thread.java:745)
原因:org.springframework.beans.factory.BeanCreationException:创建名为“springSecurityFilterChain”的bean时出错,该bean在类路径资源[org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]中定义:通过工厂方法实例化bean失败;嵌套异常为org.springframework.beans.beanstantiationException:未能实例化[javax.servlet.Filter]:工厂方法“springSecurityFilterChain”引发异常;嵌套异常为org.springframework.security.config.annotation.AlreadyBuiltException:此对象已生成
位于org.springframework.beans.factory.support.ConstructorResolver.InstanceUsingFactoryMethod(ConstructorResolver.java:599)
位于org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.InstanceUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1123)
位于org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1018)
位于org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
位于org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
位于org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
位于org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
位于org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
位于org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
位于org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:296)
位于org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
位于org.springframework.beans.factory.support.DefaultListableBeanFactory.PreInstanceSingleton(DefaultListableBeanFactory.java:772)
位于org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:838)
位于org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:537)
位于org.springframework.boot.context.embedded.EmbeddedWebApplicationContext.refresh(EmbeddedWebApplicationContext.java:118)
位于org.springframework.boot.SpringApplication.refresh(SpringApplication.java:752)
位于org.springframework.boot.SpringApplication.doRun(SpringApplication.java:347)
位于org.springframework.boot.SpringApplication.run(SpringApplication.java:295)
位于org.springframework.boot.SpringApplication.run(SpringApplication.java:1112)
位于org.springframework.boot.SpringApplication.run(SpringApplication.java:1101)
位于org.htulipe.WishlistApplication.main(WishlistApplication.java:44)
... 还有6个
原因:org.springframework.beans.beans实例化异常:未能实例化[javax.servlet.Filter]:工厂方法“springSecurityFilterChain”引发异常;嵌套异常为org.springframework.security.config.annotation.AlreadyBuiltException:此对象已生成
位于org.springframework.beans.factory.support.SimpleInstallationStrategy.instantiate(SimpleInstallationStrategy.java:189)
位于org.springframework.beans.factory.support.ConstructorResolver.InstanceUsingFactoryMethod(ConstructorResolver.java:588)
... 26多
原因:org.springframework.security.config.annotation.AlreadyBuiltException:此对象已生成
位于org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:44)
位于org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:105)
位于org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$7d149fcb.CGLIB$springSecurityFilterChain$6()
位于org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGLIB$$7d149fcb$$FastClassBySpringCGLIB$$208d4287.invoke()
位于org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
位于org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:318)
位于org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerBySpringCGL
public class CustomAuthenticationEntryPoint extends BasicAuthenticationEntryPoint{
public CustomAuthenticationEntryPoint() {
this.setRealmName("Yolo");
}
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
response.setHeader("WWW-Authenticate", "FormBased");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
}
@Override
public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
oauthServer.checkTokenAccess("isAuthenticated()")
.allowFormAuthenticationForClients();
}
http.exceptionHandling()
.authenticationEntryPoint(new Http401AuthenticationEntryPoint("FormBased"));