Authentication 无法使用UserName和PasswordToken进行身份验证,无法使用Spring安全设置Cookie
我正在构建SpringBoot/ReactJS应用程序,在验证用户身份和生成JSSESSIONID方面有以下问题 我的SecurityConfig类如下所示:Authentication 无法使用UserName和PasswordToken进行身份验证,无法使用Spring安全设置Cookie,authentication,cookies,spring-security,session-management,security-context,Authentication,Cookies,Spring Security,Session Management,Security Context,我正在构建SpringBoot/ReactJS应用程序,在验证用户身份和生成JSSESSIONID方面有以下问题 我的SecurityConfig类如下所示: @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserService userService; @Override
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserService userService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(bCryptPasswordEncoder());
}
@Override
@Bean(BeanIds.AUTHENTICATION_MANAGER)
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.logout().deleteCookies("JSESSIONID")
.and()
.rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
.and()
.csrf().disable();
}
@Bean
BCryptPasswordEncoder bCryptPasswordEncoder() { return new BCryptPasswordEncoder();}
}
和我的登录控制器:
@RestController
@RequestMapping(path="/",produces = "application/json")
@CrossOrigin(origins="*")
public class LoginController {
private final AuthenticationManager authenticationManager;
public LoginController(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
@PostMapping("/login")
@ResponseStatus(HttpStatus.OK)
public void login(HttpServletRequest req, @RequestBody LoginRequest loginRequest) {
UsernamePasswordAuthenticationToken authReq
= new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());
Authentication auth = authenticationManager.authenticate(authReq);
SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(auth);
HttpSession session = req.getSession(true);
session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, sc);
}
}
当我调用请求时,调用authenticationManager.authenticate(authReq)时会引发BadCredentials异常
因为authReq的内容日志是
org.springframework.security.authentication。UsernamePasswordAuthenticationToken@6582813:校长:帕维尔;凭据:[受保护];认证:假;详细信息:空;未授予任何权限
我在这里缺少一些配置吗?你能添加你的
UserService
类吗?为什么您需要LoginController
(您是否将用户名和密码作为json有效负载发送)?您可以添加UserService
类吗?为什么您需要一个LoginController
(您是否将用户名和密码作为json负载发送)?