Spring Webflux 禁用登录
Mil*_*los 7 spring-security spring-boot spring-webflux
让我简短地描述一下我现在面临的问题。
\n我已经为 webflux 应用程序配置了 spring security,当我尝试访问不需要身份验证的路由时,我收到登录表单提示。路线是 /swagger-ui/ ,它应该在没有任何登录表单或其他内容的情况下打开。
\n下面是我在 SecurityWebFilterChain 中的代码
\n\n@Bean\npublic SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {\n //@formatter:off\n return http\n .formLogin().disable()\n .httpBasic().disable()\n .authenticationManager(authenticationManager)\n .securityContextRepository(securityContextRepository)\n .authorizeExchange()\n .pathMatchers(HttpMethod.OPTIONS).permitAll()\n .pathMatchers("/v2/api-docs", "/v3/api-docs", "/configuration/ui", "/swagger-resources",\n "/configuration/security", "/swagger-ui/", "/swagge\xe2\x80\x8c\xe2\x80\x8br-ui",\n "/webjars/**", "/swagger-resources/configuration/ui",\n "/swagger-resources/configuration/security").permitAll() // Allowed routes for swagger\n .pathMatchers("/api/auth", "/api/auth/**").permitAll() // Allowed routes for auth\n .and()\n .authorizeExchange()\n .anyExchange()\n .authenticated() // All other routes require authentication\n .and()\n .csrf().disable()\n .headers()\n .hsts()\n .includeSubdomains(true)\n .maxAge(Duration.ofSeconds(31536000))\n .and()\n .frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN)\n .and()\n .build();\n //@formatter:on\n }\n}\n如果有人有任何建议,请告诉我,我将不胜感激。这是我在浏览器中得到的图片。
\n
Mic*_*los 11
我也确实对这个问题很恼火。问题是,通过放入.httpBasic().disable()代码,您会期望 spring 跳过基本身份验证(该浏览器窗口),但事实并非如此。
相反,尝试ServerAuthenticationEntryPoint向.httpBasic().
最简单的一个是HttpStatusServerEntryPoint。
例如在您的代码中更改为:
***
return http
.formLogin().disable()
.httpBasic().authenticationEntryPoint(new HttpStatusServerEntryPoint(HttpStatus.UNAUTHORIZED))
.authenticationManager(authenticationManager)
***
通过更改,您的服务器将返回401 UNAUTHORIZEDHttpStatus 而不是浏览器窗口!干杯!
| 归档时间: |
|
| 查看次数: |
3167 次 |
| 最近记录: |