Authentication 无法使用UserName和PasswordToken进行身份验证，无法使用Spring安全设置Cookie_Authentication_Cookies_Spring Security_Session Management_Security Context

Authentication 无法使用UserName和PasswordToken进行身份验证，无法使用Spring安全设置Cookie

authentication cookies spring-security

Authentication 无法使用UserName和PasswordToken进行身份验证，无法使用Spring安全设置Cookie,authentication,cookies,spring-security,session-management,security-context,Authentication,Cookies,Spring Security,Session Management,Security Context,我正在构建SpringBoot/ReactJS应用程序，在验证用户身份和生成JSSESSIONID方面有以下问题我的SecurityConfig类如下所示： @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Override

我正在构建SpringBoot/ReactJS应用程序，在验证用户身份和生成JSSESSIONID方面有以下问题

我的SecurityConfig类如下所示：

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder());
    }

    @Override
    @Bean(BeanIds.AUTHENTICATION_MANAGER)
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()

                .and()
                .logout().deleteCookies("JSESSIONID")

                .and()
                .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)

                .and()
                .csrf().disable();
    }

    @Bean
    BCryptPasswordEncoder bCryptPasswordEncoder() { return new BCryptPasswordEncoder();}

}

和我的登录控制器：

@RestController
@RequestMapping(path="/",produces = "application/json")
@CrossOrigin(origins="*")
public class LoginController {

    private final AuthenticationManager authenticationManager;

    public LoginController(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @PostMapping("/login")
    @ResponseStatus(HttpStatus.OK)
    public void login(HttpServletRequest req, @RequestBody LoginRequest loginRequest) {
        UsernamePasswordAuthenticationToken authReq
                = new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());
        Authentication auth = authenticationManager.authenticate(authReq);

        SecurityContext sc = SecurityContextHolder.getContext();
        sc.setAuthentication(auth);
        HttpSession session = req.getSession(true);
        session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, sc);
    }

}

当我调用请求时，调用authenticationManager.authenticate（authReq）时会引发BadCredentials异常因为authReq的内容日志是 org.springframework.security.authentication。UsernamePasswordAuthenticationToken@6582813：校长：帕维尔；凭据：[受保护]；认证：假；详细信息：空；未授予任何权限

我在这里缺少一些配置吗？

你能添加你的

UserService

类吗？为什么您需要

LoginController

（您是否将用户名和密码作为json有效负载发送）？您可以添加

UserService

类吗？为什么您需要一个

LoginController

（您是否将用户名和密码作为json负载发送）？