当我用正确的用户名和密码发送PUT请求时,它工作正常。但是当我用错误的密码发送请求时,我收到了401,这是好的,但我有2个WWW-Authenticate标头:
响应头:HTTP / 1.1 401
WWW-Authenticate:Digest realm =“NOKIA.COM”,qop =“auth”,nonce =“MTU1MjM3MDk2MDQ2MjpmOWNjYjVmNGU5ODA0ZmYYYWY0MjIxNDlhY2U2ODJiMQ ==”
X-Content-Type-Options:nosniff X-XSS-Protection:1; mode = block Cache-Control:no-cache,no-store,max-age = 0,must-revalidate Pragma:no-cache Expires:0 X-Frame-Options:DENY
WWW-Authenticate:Digest realm =“NOKIA.COM”,qop =“auth”,nonce =“MTU1MjM3MDk2MDQ2NjoxOTQ4MDhjNzBjYjkyMGI1Y2Q2YjU3OGMyMTM2NmE3OQ ==”
内容长度:0日期:星期二,2019年3月12日06:08:20 GMT
@EnableWebSecurity
@Configuration @Component公共类WebSecurityConfig扩展了WebSecurityConfigurerAdapter {
@Autowired
DummyUserService userDetail;
@Autowired
DigestAuthenticationFilter digestFilter;
@Autowired
DigestAuthenticationEntryPoint digestEntryPoint;
@Override
protected void configure( HttpSecurity http ) throws Exception
{
http.addFilter(digestFilter) // register digest entry point
.exceptionHandling().authenticationEntryPoint(digestEntryPoint) // on exception ask for digest authentication
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and().csrf().disable();
http.httpBasic().disable();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence rawPassword) {
return rawPassword.toString();
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return rawPassword.toString().equals(encodedPassword);
}
};
}
}
@Bean
DigestAuthenticationFilter digestFilter( DigestAuthenticationEntryPoint digestAuthenticationEntryPoint,
UserCache digestUserCache, UserDetailsService userDetailsService )
{
DigestAuthenticationFilter filter = new DigestAuthenticationFilter();
filter.setAuthenticationEntryPoint( digestAuthenticationEntryPoint );
filter.setUserDetailsService( userDetailsService );
filter.setUserCache( digestUserCache );
return filter;
}
@Bean
UserCache digestUserCache() throws Exception
{
return new SpringCacheBasedUserCache( new ConcurrentMapCache( "digestUserCache" ) );
}
@Bean
DigestAuthenticationEntryPoint digestAuthenticationEntry()
{
DigestAuthenticationEntryPoint digestAuthenticationEntry = new DigestAuthenticationEntryPoint();
digestAuthenticationEntry.setRealmName( "XXX.COM" );
digestAuthenticationEntry.setKey( "XXX" );
digestAuthenticationEntry.setNonceValiditySeconds( 60 );
return digestAuthenticationEntry;
}
请有人给我一些帮助。非常感谢!
我自己解决了这个问题。对于具有不正确身份验证的请求,digestAuthenticationEntryPoint由digestFilter和exceptionFilter两次调用。
覆盖DigestAuthenticationEntryPoint:
public class CustomDigestAuthenticationEntryPoint extends DigestAuthenticationEntryPoint
{
@Override
public void commence( HttpServletRequest request, HttpServletResponse response,
AuthenticationException authException )
throws IOException, ServletException
{
HttpServletResponse httpResponse = ( HttpServletResponse ) response;
String authHeader = httpResponse.getHeader( "WWW-Authenticate" );
if( authHeader != null )
{
httpResponse.sendError( HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase() );
}
else
{
super.commence( request, httpResponse, authException );
}
}
}