spring security 使用过程中,web.ignoring导致默认登录页404
问题
刚接触spring security,参考其他项目无意间写出了如下SecurityConfig类代码(当然,一开始没有这么简单,这是多次调试精简后能复现问题的代码):
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/error","/login"); //忽略这些页面请求的鉴权
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated() // 所有请求需要身份验证
.and()
.formLogin().permitAll(); // 登录页除外
}
}
运行服务器,访问页面结果如下:
打开debug日志有如下输出:
2020-02-20 23:44:47.157 DEBUG 15378 — [nio-8081-exec-4] o.s.web.servlet.DispatcherServlet : GET “/login”, parameters={}
2020-02-20 23:44:47.158 DEBUG 15378 — [nio-8081-exec-4] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to ResourceHttpRequestHandler [“classpath:/META-INF/resources/”, “classpath:/resources/”, “classpath:/static/”, “classpath:/public/”, “/”]
2020-02-20 23:44:47.159 DEBUG 15378 — [nio-8081-exec-4] o.s.w.s.r.ResourceHttpRequestHandler : Resource not found
2020-02-20 23:44:47.159 DEBUG 15378 — [nio-8081-exec-4] o.s.web.servlet.DispatcherServlet : Completed 404 NOT_FOUND
2020-02-20 23:44:47.160 DEBUG 15378 — [nio-8081-exec-4] o.s.web.servlet.DispatcherServlet : “ERROR” dispatch for GET “/error”, parameters={}
2020-02-20 23:44:47.161 DEBUG 15378 — [nio-8081-exec-4] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2020-02-20 23:44:47.163 DEBUG 15378 — [nio-8081-exec-4] o.s.w.s.v.ContentNegotiatingViewResolver : Selected ‘text/html’ given [text/html, text/html;q=0.8]
2020-02-20 23:44:47.163 DEBUG 15378 — [nio-8081-exec-4] o.s.web.servlet.DispatcherServlet : Exiting from “ERROR” dispatch, status 404