Spring 重写ServerHttpSecurity中的默认入口点_Spring_Spring Boot_Kotlin_Spring Security

Spring 重写ServerHttpSecurity中的默认入口点

spring spring-boot kotlin spring-security

Spring 重写ServerHttpSecurity中的默认入口点,spring,spring-boot,kotlin,spring-security,Spring,Spring Boot,Kotlin,Spring Security,我使用以下ServerHttpSecurity链： @Bean fun-springSecurityFilterChain（http:ServerHttpSecurity）：SecurityWebFilterChain{ http //..过滤器 .authorizeExchange（）.anyExchange（） .access（CustomHaveAnyAuthority（）） //认证 .及() .httpBasic（） .及() .oauth2ResourceServer（）.jwt（）

我使用以下ServerHttpSecurity链：

@Bean
fun-springSecurityFilterChain（http:ServerHttpSecurity）：SecurityWebFilterChain{
http
//..过滤器
.authorizeExchange（）.anyExchange（）
.access（CustomHaveAnyAuthority（））
//认证
.及()
.httpBasic（）
.及()
.oauth2ResourceServer（）.jwt（）
.authenticationManager（CustomAuthenticationService（））
返回http.build（）
}

但是，在较新的SpringSecurity5.5.0（从5.3.3.RELEASE升级）中，在未经授权的情况下请求终结点到BearTokenServerAuthenticationEntryPoint而不是HttpBasicServerAuthenticationEntryPoint时会出现回退

我怎样才能克服这种行为？我试图采用上述方法，但没有奏效

来自应用程序的日志：

2021-06-02 11:50:43,206 [boundedElastic-1] DEBUG o.s.s.w.s.a.DelegatingReactiveAuthorizationManager - Checking authorization on '/endpoint' using org.springframework.security.authorization.AuthorityReactiveAuthorizationManager@73302f30
2021-06-02 11:50:43,216 [boundedElastic-1] DEBUG o.s.s.w.s.authorization.AuthorizationWebFilter - Authorization failed: Access Denied
2021-06-02 11:50:43,220 [boundedElastic-1] DEBUG o.s.s.w.s.c.WebSessionServerSecurityContextRepository - No SecurityContext found in WebSession: 'org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession@921515f'
2021-06-02 11:50:43,221 [boundedElastic-1] DEBUG o.s.s.w.s.DelegatingServerAuthenticationEntryPoint - Trying to match using OrServerWebExchangeMatcher{matchers=[org.springframework.security.config.web.server.ServerHttpSecurity$HttpBasicSpec$$Lambda$1073/0x0000000100b00040@73874030, AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]}, MediaTypeRequestMatcher [matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]}]}
2021-06-02 11:50:43,221 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.OrServerWebExchangeMatcher - Trying to match using org.springframework.security.config.web.server.ServerHttpSecurity$HttpBasicSpec$$Lambda$1073/0x0000000100b00040@73874030
2021-06-02 11:50:43,222 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.OrServerWebExchangeMatcher - Trying to match using AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]}, MediaTypeRequestMatcher [matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]}
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.AndServerWebExchangeMatcher - Trying to match using NegatedServerWebExchangeMatcher{matcher=MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]}
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.MediaTypeServerWebExchangeMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, image/avif, image/webp, image/apng, application/xml;q=0.9, application/signed-exchange;v=b3;q=0.9, */*;q=0.8]
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.MediaTypeServerWebExchangeMatcher - Processing text/html
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.MediaTypeServerWebExchangeMatcher - text/html .isCompatibleWith text/html = true
2021-06-02 11:50:43,228 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.NegatedServerWebExchangeMatcher - matches = false
2021-06-02 11:50:43,228 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.AndServerWebExchangeMatcher - Did not match
2021-06-02 11:50:43,228 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.OrServerWebExchangeMatcher - No matches found
2021-06-02 11:50:43,229 [boundedElastic-1] DEBUG o.s.s.w.s.DelegatingServerAuthenticationEntryPoint - Trying to match using org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher@21307a04
2021-06-02 11:50:43,229 [boundedElastic-1] DEBUG o.s.s.w.s.DelegatingServerAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint@24d2ea8a

谢谢

您可以定义自己处理异常的方法，如下所示：

@Bean
fun-springSecurityFilterChain（http:ServerHttpSecurity）：SecurityWebFilterChain{
http
.authorizeExchange（）.anyExchange（）
.access（CustomHaveAnyAuthority（））
.及()
.httpBasic（）
.及()
.oauth2ResourceServer（）.jwt（）
.authenticationManager（CustomAuthenticationService（））
.例外处理（）
.authenticationEntryPoint（HttpBasicServerAuthenticationEntryPoint（））
返回http.build（）
}

设法让它像这样工作：.exceptionHandling（）.authenticationEntryPoint（HttpBasicServerAuthenticationEntryPoint（）），使用这种方法有什么缺点吗？没有，实际上我使用了非反应类，我要更新我的答案。没有注意到：）