我无法在 SO 上找到答案(例如这里 。Spring Security: Commence method in class extends BasicAuthenticationEntryPoint no being called)
我只想覆盖 BasicAuthenticationEntryPoint 而不覆盖其他过滤器和其他人员:
<bean id="authenticationEntryPoint" name="authenticationEntryPoint"
class="com.myclass.BasicAuthenticationEntryPoint">
<property name="realmName" value="myapp" />
</bean>
不幸的是,它不起作用,我需要配置过滤器。
<security:http auto-config="true" ..
<sec:custom-filter ref="basicAuthenticationFilter"
before="BASIC_AUTH_FILTER" />
</sec:http>
<bean id="basicAuthenticationFilter"
class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<constructor-arg name="authenticationManager" ref="authenticationManager" />
<constructor-arg name="authenticationEntryPoint" ref="authenticationEntryPoint" />
</bean>
然后我有这个警告。
WARN 2015-10-29 09:44:05,330 [localhost-startStop-1::DefaultFilterChainValidator] [user:system] Possible error: Filters at position 2 and 3 are both instances of org.springframework.security.web.authentication.www.BasicAuthenticationFilter
因此我需要禁用自动配置,但我不想这样做:
<security:http auto-config="false" ...
在 SpringSecurity 4 中覆盖 BasicAuthenticationEntryPoint 的最简单方法是什么?