问题
I am using Spring-security 4.0.4.
I was trying to set the security configurations for the response headers as below-
<sec:http use-expressions="true">
<sec:headers defaults-disabled="true"/>
</sec:http>
This setting is to disable the security components in the security header.
However, if this setting is done then the following exception is thrown during the server startup.
Caused by: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute
As per the error, the settings requires form-login to be used with the above setting.Could someone please let me know why it is so?
回答1:
authentication entry point (i.e. where the authentication process is triggered by an attempt by an unauthenticated user to access to a secured resource)
You can config the entry-point-ref for you own entry point that implements AuthenticationEntryPoint, like following config
<http entry-point-ref="youOwnEntrypoint">
Or you can just set the auto-config to true, it will register a login form, BASIC authentication, logout services automatically.
<http auto-config="true" >
来源:https://stackoverflow.com/questions/41142155/no-authenticationentrypoint-could-be-established-please-make-sure-you-have-a-lo