Overriding default entry point in ServerHttpSecurity

I use the following ServerHttpSecurity chain:

    @Bean
    fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
        http
            // ..filters

            .authorizeExchange().anyExchange()
            .access(CustomHaveAnyAuthority())

            // authentication
            .and()
            .httpBasic()
            .and()
            .oauth2ResourceServer().jwt()
            .authenticationManager(CustomAuthenticationService())
        return http.build()
    }

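However, in the newer Spring Security 5.5.0 (upgraded from 5.3.3.RELEASE), when requesting an endpoint without authorization, it falls back to BearerTokenServerAuthenticationEntryPoint HttpBasicServerAuthenticationEntryPoint.

How can I override this behavior? I tried the approach above, but it did not work.

Logs from the application: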

2021-06-02 11:50:43,206 [boundedElastic-1] DEBUG o.s.s.w.s.a.DelegatingReactiveAuthorizationManager - Checking authorization on '/endpoint' using org.springframework.security.authorization.AuthorityReactiveAuthorizationManager@73302f30
2021-06-02 11:50:43,216 [boundedElastic-1] DEBUG o.s.s.w.s.authorization.AuthorizationWebFilter - Authorization failed: Access Denied
2021-06-02 11:50:43,220 [boundedElastic-1] DEBUG o.s.s.w.s.c.WebSessionServerSecurityContextRepository - No SecurityContext found in WebSession: 'org.springframework.web.server.session.InMemoryWebSessionStore$InMemoryWebSession@921515f'
2021-06-02 11:50:43,221 [boundedElastic-1] DEBUG o.s.s.w.s.DelegatingServerAuthenticationEntryPoint - Trying to match using OrServerWebExchangeMatcher{matchers=[org.springframework.security.config.web.server.ServerHttpSecurity$HttpBasicSpec$$Lambda73/0x0000000100b00040@73874030, AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]}, MediaTypeRequestMatcher [matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]}]}
2021-06-02 11:50:43,221 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.OrServerWebExchangeMatcher - Trying to match using org.springframework.security.config.web.server.ServerHttpSecurity$HttpBasicSpec$$Lambda73/0x0000000100b00040@73874030
2021-06-02 11:50:43,222 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.OrServerWebExchangeMatcher - Trying to match using AndServerWebExchangeMatcher{matchers=[NegatedServerWebExchangeMatcher{matcher=MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]}, MediaTypeRequestMatcher [matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]]}
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.AndServerWebExchangeMatcher - Trying to match using NegatedServerWebExchangeMatcher{matcher=MediaTypeRequestMatcher [matchingMediaTypes=[text/html], useEquals=false, ignoredMediaTypes=[]]}
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.MediaTypeServerWebExchangeMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, image/avif, image/webp, image/apng, application/xml;q=0.9, application/signed-exchange;v=b3;q=0.9, */*;q=0.8]
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.MediaTypeServerWebExchangeMatcher - Processing text/html
2021-06-02 11:50:43,227 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.MediaTypeServerWebExchangeMatcher - text/html .isCompatibleWith text/html = true
2021-06-02 11:50:43,228 [boundedElastic-1] DEBUG o.s.s.w.s.u.m.NegatedServerWebExchangeMatcher - matches = false
2021-06-02 11:50:43,228 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.AndServerWebExchangeMatcher - Did not match
2021-06-02 11:50:43,228 [boundedElastic-1] DEBUG o.s.s.w.s.util.matcher.OrServerWebExchangeMatcher - No matches found
2021-06-02 11:50:43,229 [boundedElastic-1] DEBUG o.s.s.w.s.DelegatingServerAuthenticationEntryPoint - Trying to match using org.springframework.security.web.server.authentication.AuthenticationConverterServerWebExchangeMatcher@21307a04
2021-06-02 11:50:43,229 [boundedElastic-1] DEBUG o.s.s.w.s.DelegatingServerAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.oauth2.server.resource.web.server.BearerTokenServerAuthenticationEntryPoint@24d2ea8a

Thanks

You can define your own exception handling, as shown below:

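    @Bean
    fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
        http
            .authorizeExchange().anyExchange()
            .access(CustomHaveAnyAuthority())
            .and()
            .httpBasic()
            .and()
            .oauth2ResourceServer().jwt()
            .authenticationManager(CustomAuthenticationService())
            // jwt() and oauth2ResourceServer() are nested specs: close both
            // to get back to ServerHttpSecurity before exceptionHandling()
            .and()
            .and()
            // an explicitly configured entry point replaces the delegating default
            .exceptionHandling()
            .authenticationEntryPoint(HttpBasicServerAuthenticationEntryPoint())
        return http.build()
    }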
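
A regression check for the behaviour discussed above, added here as an example and not part of the original answer: it asserts that an unauthenticated request receives the Basic challenge again after the upgrade, including the browser-style `Accept: text/html` case seen in the log. Assumptions: a Spring Boot application tested with JUnit 5, the `/endpoint` path from the log, anonymous requests being denied by the custom authorization manager, and the default realm name `Realm` of `HttpBasicServerAuthenticationEntryPoint`; the class and test names are hypothetical.

```kotlin
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient
import org.springframework.boot.test.context.SpringBootTest
import org.springframework.http.HttpHeaders
import org.springframework.http.MediaType
import org.springframework.test.web.reactive.server.WebTestClient

// Hypothetical test class; it loads the application's real SecurityWebFilterChain.
@SpringBootTest
@AutoConfigureWebTestClient
class EntryPointRegressionTest(@Autowired val client: WebTestClient) {

    // Challenge written by HttpBasicServerAuthenticationEntryPoint with its default realm.
    private val basicChallenge = "Basic realm=\"Realm\""

    @Test
    fun `browser-style request without credentials gets a Basic challenge`() {
        // Accept: text/html is the case from the log in which none of the
        // delegating matchers applied and the Bearer entry point was the default.
        client.get().uri("/endpoint") // path taken from the log
            .accept(MediaType.TEXT_HTML)
            .exchange()
            .expectStatus().isUnauthorized()
            .expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, basicChallenge)
    }

    @Test
    fun `JSON client without credentials gets the same Basic challenge`() {
        // With an explicit entry point the challenge must not depend on the Accept header.
        client.get().uri("/endpoint")
            .accept(MediaType.APPLICATION_JSON)
            .exchange()
            .expectStatus().isUnauthorized()
            .expectHeader().valueEquals(HttpHeaders.WWW_AUTHENTICATE, basicChallenge)
    }
}
```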