英文:
How to preserve HTTP Status for response when using SimpleUrlAuthenticationFailureHandler?
问题
在Spring Boot应用程序中使用Spring Security 6,我想使用SimpleUrlAuthenticationFailureHandler并将HTTP状态码设置为401:
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
/* 应该让XHR请求更容易区分成功和失败。 */
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
super.setDefaultFailureUrl(LOGIN_FAILURE_URL);
super.onAuthenticationFailure(request, response, exception);
}
}
不幸的是,在onAuthenticationFailure方法中设置的状态代码未传递到LOGIN_FAILURE_URL端点。相反,状态代码被设置为200。
是否有一种方法可以在整个周期内保留一旦设置的HTTP状态代码?
非常感谢您的任何帮助
英文:
In a Spring Boot application with Spring Security 6 I wanna use a SimpleUrlAuthenticationFailureHandler and set the HTTP Staus Code to 401:
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
/* Should make it easier for XHR requests to distinguish between success and failure. */
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
super.setDefaultFailureUrl(LOGIN_FAILURE_URL);
super.onAuthenticationFailure(request, response, exception);
}
}
Unfortunately the status code set in the onAuthenticationFailure method doesn't make it to the LOGIN_FAILURE_URL endpoint. Instead, the status code gets being set to 200.
Is there a way to preserve the HTTP Status Code during the whole cycle, once being set?
<b>Many thanks for any help</b>
答案1
得分: 1
我猜这是因为默认情况下,SimpleUrlAuthenticationFailureHandler 会发送一个HTTP重定向请求到失败的URL。这是一个新的HTTP请求,因此你在之前请求的响应中配置的HTTP状态码将不会被保留。
所以尝试配置CustomAuthenticationFailureHandler 来转发请求到失败的URL,而不是进行HTTP重定向:
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
/* 应该使XHR请求更容易区分成功和失败。 */
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
super.setUseForward(true);
super.setDefaultFailureUrl(LOGIN_FAILURE_URL);
super.onAuthenticationFailure(request, response, exception);
}
}
英文:
I guess it is because by default SimpleUrlAuthenticationFailureHandler sends a HTTP redirect request to the failure URL . It is a new HTTP request and hence the HTTP status code you configured in the previous request 's response will not be preserved.
So try to configure CustomAuthenticationFailureHandler to forward the request to the failure URL rather than a HTTP redirect by :
public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
@Override
public void onAuthenticationFailure(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException exception) throws IOException, ServletException {
/* Should make it easier for XHR requests to distinguish between success and failure. */
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
super.setUseForward(true);
super.setDefaultFailureUrl(LOGIN_FAILURE_URL);
super.onAuthenticationFailure(request, response, exception);
}
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论