【发布时间】:2021-06-03 09:24:51
【问题描述】:
春季启动 2.4.3
如果用户没有操作权限,它会给出 403 响应,但没有任何响应正文。但是设置了标题WWW-Authenticate:
WWW-Authenticate: Bearer error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."
我仍然希望有一些带有消息的响应正文。我怎样才能实现它?
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic().disable()
.formLogin(AbstractHttpConfigurer::disable)
.csrf(AbstractHttpConfigurer::disable)
.authorizeRequests(authorize -> authorize
.mvcMatchers(HttpMethod.GET, "/app/**", "/admin/**").authenticated()
.mvcMatchers(HttpMethod.PUT, "/app/**", "/admin/**").authenticated()
.mvcMatchers(HttpMethod.POST, "/app/**", "/admin/**").authenticated()
)
.oauth2ResourceServer()
.jwt()
.jwtAuthenticationConverter(jwtAuthenticationConverter());
}
【问题讨论】:
标签: spring-security spring-oauth2