java Sping Boot ,Spring Security返回状态401,而不是404,因为“没有找到HTTP请求的Map”

ecbunoof  于 2023-09-29  发布在  Java
关注(0)|答案(3)|浏览(101)

我正在使用Sping Boot 和Spring Security进行项目。Spring Security使用每个请求的session id验证header。如果会话ID无效或已过期,则将返回错误代码401。会话ID在到达控制器之前进行验证。
现在,我面临一个问题,如果用户输入一个没有有效会话ID的无效URL,响应代码仍然是401,因为会话ID首先被验证。我的预期是,如果URL无效,将返回错误代码404(未找到HTTP请求的Map)。换句话说,我想在验证会话ID之前验证URL。
有没有办法这样做,因为头中的会话id在到达控制器之前在GenericFilterBean中进行了验证?
任何帮助都是感激不尽的。谢谢

Java

3条答案

按热度按时间
webghufk

webghufk1#

您可以尝试在WebSecurityConfigurerAdapter类中配置访问设置。

  1. @Override
  2. protected void configure(HttpSecurity http) throws Exception {
  3.     http
  4.         .authorizeRequests()
  5.         .antMatchers("/secure/**").authenticated()
  6.         .and()
  7.         .authorizeRequests().anyRequest().permitAll();
  8. }

因此,过滤器不会为任何不匹配“/secure/**”模式的请求返回HTTP 401。

赞(0)分享  回复(0)举报  2023-09-29
iibxawm4

iibxawm42#

将此过滤器作为Spring Security中的第一个过滤器:

  1. public class NoHandlerFoundFilter extends OncePerRequestFilter {
  3.   private final DispatcherServlet dispatcherServlet;
  5.   public NoHandlerFoundFilter(DispatcherServlet dispatcherServlet) {
  6.     this.dispatcherServlet = dispatcherServlet;
  7.   }
  9.   @Override
  10.   protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
  11.     if (null == getHandler(request)) {
  12.       throw new NoHandlerFoundException(request.getMethod(), getRequestUri(request),
  13.           new ServletServerHttpRequest(request).getHeaders());
  14.     }
  15.     filterChain.doFilter(request, response);
  16.   }
  18.   private static String getRequestUri(HttpServletRequest request) {
  19.     String uri = (String) request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE);
  20.     if (uri == null) {
  21.       uri = request.getRequestURI();
  22.     }
  23.     return uri;
  24.   }
  26.   protected HandlerExecutionChain getHandler(HttpServletRequest request) {
  27.     if (dispatcherServlet.getHandlerMappings() != null) {
  28.       for (HandlerMapping mapping : dispatcherServlet.getHandlerMappings()) {
  29.         try {
  30.           HandlerExecutionChain handler = mapping.getHandler(request);
  31.           if (handler != null) {
  32.             return handler;
  33.           }
  34.         } catch (Exception ex) {
  35.           // Ignore
  36.         }
  37.       }
  38.     }
  39.     return null;
  40.   }
  41. }
展开查看全部
赞(0)分享  回复(0)举报  2023-09-29
oknwwptz

oknwwptz3#

  1. @Order(Ordered.HIGHEST_PRECEDENCE)
  2. @Component
  3. @Slf4j
  4. @WebFilter
  5. public class NoHandlerFoundFilter extends OncePerRequestFilter {
  7.   private final DispatcherServlet dispatcherServlet;
  9.   public NoHandlerFoundFilter(DispatcherServlet dispatcherServlet) {
  10.     this.dispatcherServlet = dispatcherServlet;
  11.   }
  13.   @Override
  14.   protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
  15.     try{
  16.         boolean flag = validateUrl(request, response);
  17.         if(flag)
  18.             filterChain.doFilter(request, response);
  19.     }catch (Exception ex){
  20.         log.error("URL Filter Chain Exception:", ex);
  21.         //throw new UrlNotFoundException(request, response, getRequestUri(request), ex);
  22.     }
  23.   }
  24.   private boolean validateUrl(HttpServletRequest request, HttpServletResponse response) throws NoHandlerFoundException, IOException {
  25.     if (null == getHandler(request)) {
  26.         Status errorStatus = this.getErrorStatus(HttpStatus.NOT_FOUND.toString(), "URL not found", null);
  27.         PlatformResponse errorResponse = new PlatformResponse();
  28.         errorResponse.setStatus(errorStatus);
  29.         response.setStatus(HttpStatus.NOT_FOUND.value());
  30.         response.getWriter().write(objectMapper.writeValueAsString(errorResponse));
  31.         return false;
  32.         //throw new UrlNotFoundException(request, response, "test", null);
  33.     }
  34.     return true;
  35.   }
  36.   private static String getRequestUri(HttpServletRequest request) {
  37.     String uri = (String) request.getAttribute(WebUtils.INCLUDE_REQUEST_URI_ATTRIBUTE);
  38.     if (uri == null) {
  39.       uri = request.getRequestURI();
  40.     }
  41.     return uri;
  42.   }
  44.   protected HandlerExecutionChain getHandler(HttpServletRequest request) {
  45.     if (dispatcherServlet.getHandlerMappings() != null) {
  46.       for (HandlerMapping mapping : dispatcherServlet.getHandlerMappings()) {
  47.         try {
  48.           HandlerExecutionChain handler = mapping.getHandler(request);
  49.           if (handler != null) {
  50.             return handler;
  51.           }
  52.         } catch (Exception ex) {
  53.           // Ignore
  54.         }
  55.       }
  56.     }
  57.     return null;
  58.   }
  59. }

稍微修改一下答案。
适用于springBootVersion: 3

展开查看全部
赞(0)分享  回复(0)举报  2023-09-29
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com