想法:我想用HTTP基本身份驗證保護Spring Web MVC的每個站點,但希望通過錯誤頁面重定向的40 *或500服務器錯誤/歡迎(當然用戶必須進行身份驗證,否則他會看到基本的身份驗證對話框)。保護在web.xml中彈簧安全和錯誤頁面的Spring MVC應用程序
問題:每次嘗試訪問該站點時,都會按預期彈出基本認證對話框。但是,當我取消對話,即取消取消,我登陸受保護的歡迎頁面[並查看所有重要/安全信息] - 沒有基本的身份驗證對話框!
樣品控制器:
@Controller
public class WelcomeController
{
// Welcome is a protected site!
@RequestMapping(value = {"/", "/welcome"}, method = RequestMethod.GET)
public ModelAndView welcome()
{
return new ModelAndView("welcome");
}
}
安全配置:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
{
@Override
protected void configure(HttpSecurity security) throws Exception
{
// Set the security settings
security.httpBasic().and().authorizeRequests().anyRequest().authenticated().and().csrf();
}
}
的web.xml:
<?xml version="1.0" encoding="UTF-8"?>
... Snipped ...
<servlet-mapping>
<servlet-name>testapp</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<error-page>
<error-code>400</error-code>
<location>/welcome</location>
</error-page>
<error-page>
<error-code>401</error-code>
<location>/welcome</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/welcome</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/welcome</location>
</error-page>
<error-page>
<error-code>500</error-code>
<location>/welcome</location>
</error-page>
</web-app>
你找到一個解決辦法? –