当我尝试访问不存在的端点时,即使成功通过授权,AuthenticationEntryPoint 也会触发。如何让它进入 404 页面?
这是我的 Spring Security 配置
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.cors().and()
.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(customAuthenticationEntryPoint()).and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeHttpRequests()
.requestMatchers("/api/auth/**").permitAll()
.anyRequest().authenticated().and()
.addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class)
.build();
}
最佳答案
您需要允许对 /error
路径的所有请求。
.requestMatchers("/error").permitAll()
关于java - Spring Security — 'Full authentication is required to access this resource' 表示不存在的端点,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/75858723/