Java Spring Security没有';无法识别哪个登录用户
我将Spring安全性添加到我的Spring引导应用程序中,但在验证之后,ProcessServer在下一个请求中无法识别同一个用户。我在UI中使用Angular 5,可能会要求UI端的此问题不包括cookie。请帮助我,了解为什么Spring Security无法识别已登录的用户 在web配置中:Java Spring Security没有';无法识别哪个登录用户,java,spring,spring-boot,spring-security,angular5,Java,Spring,Spring Boot,Spring Security,Angular5,我将Spring安全性添加到我的Spring引导应用程序中,但在验证之后,ProcessServer在下一个请求中无法识别同一个用户。我在UI中使用Angular 5,可能会要求UI端的此问题不包括cookie。请帮助我,了解为什么Spring Security无法识别已登录的用户 在web配置中: @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/rest/user/login").permitAll();
http.csrf().disable()
.authenticationProvider(authenticationProvider())
.exceptionHandling()
.authenticationEntryPoint(unauthorizedHandler)
.and()
.formLogin()
.permitAll()
.loginProcessingUrl("/rest/user/login")
.usernameParameter("username")
.passwordParameter("password")
.successHandler(logInSuccessHandler)
.failureHandler(authFailureHandler)
.and()
.logout().permitAll()
.logoutRequestMatcher(new AntPathRequestMatcher("/rest/user/logout", "POST"))
.logoutSuccessHandler(logoutHandler)
.and()
.sessionManagement()
.maximumSessions(1);
http.authorizeRequests().anyRequest().authenticated();
}
会话管理器被激活.sessionManagement()。最大会话数(1)代码>
身份验证成功完成myUserDetailsService
实现通过登录和密码正确返回User
对象。但下一个对该控制器的请求:
@GetMapping("/rest/list")
public RestList list() {
...
}
重定向到:
@Component
public class UnauthorizedHandler implements AuthenticationEntryPoint {
@Override
public void commence(
HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authException) throws IOException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, authException.getMessage());
}
}
我已登录检查程序:
@Component
public class LoggedInChecker {
public User getLoggedInUser() {
User user = null;
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null) {
Object principal = authentication.getPrincipal();
// principal can be "anonymousUser" (String)
if (principal instanceof UserDetailsImpl) {
UserDetailsImpl userDetails = (UserDetailsImpl) principal;
user = userDetails.getUser();
}
}
return user;
}
}
我在UserService
@Service
public class UserServiceImpl implements UserService {
@Autowired
private UserRepository userRepository;
@Autowired
private LoggedInChecker loggedInChecker;
@Override
public User getUserByUsername(String username) {
return userRepository.findByUsername(username);
}
@Override
public List<String> getPermissions(String username) {
User user = userRepository.findByUsername(username);
return nonNull(user) ? user.getRoles().stream().map(Role::getRole).collect(toList()) : Lists.newArrayList();
}
@Override
public User getCurrentUser() {
return loggedInChecker.getLoggedInUser();
}
@Override
public Boolean isCurrentUserLoggedIn() {
// This place must call but nothing happening
return nonNull(loggedInChecker.getLoggedInUser());
}
}
也许您知道如何指定Spring安全性来使用LoggedInChecker
检查身份验证,或者使用其他方法来检查身份验证,请告诉我。谢谢大家! 在Angular应用程序中,当您发送请求时,每次您在验证url上被重定向,并且在成功验证请求后重定向到所需的url?或者您的Spring应用程序通过请求而不重定向身份验证地址?根据我的经验,您应该在Angular中使用一些魔法,以确保它将在每个请求中发送身份验证cookie。增加日志级别可能有助于找到导致此问题的原因。顺便说一句:在我看来,LoggedInChecker类应该具有会话范围。
@Injectable()
export class CoreApi {
private baseUrl = 'http://localhost:8080/rest/';
constructor(public http: HttpClient) {
}
public get(url: string = ''): Observable<any> {
return this.http.get(this.getUrl(url));
}
}