Java UsernamePasswordAuthenticationFilter跳过成功处理程序
我很难配置我的spring安全性。问题是,每当我通过自定义的Java UsernamePasswordAuthenticationFilter跳过成功处理程序,java,spring-boot,spring-security,Java,Spring Boot,Spring Security,我很难配置我的spring安全性。问题是,每当我通过自定义的UsernamePasswordAuthenticationFilter进行身份验证时,我的身份验证筛选器总是跳过成功和失败处理程序。我似乎不知道为什么会这样 首先,我将身份验证参数作为JSON传递,并过滤掉用户名和密码,然后将这两个参数传递到一个新的UsernamePasswordAuthenticationToken(username,password),然后获取身份验证管理器并对返回的令牌进行身份验证。在成功进行完全身份验证时,我
UsernamePasswordAuthenticationFilter
进行身份验证时,我的身份验证筛选器总是跳过成功和失败处理程序。我似乎不知道为什么会这样
首先,我将身份验证参数作为JSON传递,并过滤掉用户名和密码,然后将这两个参数传递到一个新的UsernamePasswordAuthenticationToken(username,password)
,然后获取身份验证管理器并对返回的令牌进行身份验证。在成功进行完全身份验证时,我希望成功处理程序会接管,但不会调用它
这是我的安全配置
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeRequests()
.and()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/signup")
.permitAll()
.antMatchers("/", "/security/login", "/request", "/request.html")
.authenticated()
.and()
.formLogin()
.loginProcessingUrl("/security/login")
.successHandler(authenticationSuccessHandler())
.failureHandler(authenticationFailureHandler())
.and()
.logout()
.logoutUrl("/logout")
.permitAll()
.and()
.addFilterAfter
(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
//.and()
.userDetailsService(userDetailsServiceBean());
}
相关的bean是
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsServiceBean());
}
@Bean
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return new JdbcUserDetails();
}
@Bean
public RestAuthenticationSuccessHandler authenticationSuccessHandler(){
return new RestAuthenticationSuccessHandler();
}
@Bean
public RestAuthenticationFailureHandler authenticationFailureHandler(){
return new RestAuthenticationFailureHandler();
}
@Bean
JsonAuthenticationFilter authenticationFilter() throws Exception {
logger.debug("Authenication filter processing loggin request ");
JsonAuthenticationFilter filter = new JsonAuthenticationFilter();
filter.setAuthenticationManager(authenticationManagerBean());
return filter;
}
过滤器是空的
public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilter{
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
UsernamePasswordAuthenticationToken authRequest = this.getUserNamePasswordAuthenticationToken(request);
setDetails(request, authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
最后,我成功了
class RestAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
Authentication authentication)
throws ServletException, IOException {
logger.debug("Successful login");
System.out.println("\n\n\n\n\n\n\n\nresponse here\n\n\n\n\n\n\n");
response.getWriter().write("{This is a login success response}");
response.getWriter().flush();
response.getWriter().close();
}
我已经争论太久了当您提供一个给定的bean配置时,Spring安全性将退出该bean配置 因此,因为您提供了过滤器(JsonAuthenticationFilter),所以Spring安全性希望您最了解如何编写它 那么,你应该这样做:
@Bean
JsonAuthenticationFilter authenticationFilter() {
JsonAuthenticationFilter filter = new JsonAuthenticationFilter();
// .. other configs
filter.setAuthenticationSuccessHandler(new RestAuthenticationSuccessHandler());
filter.setAuthenticationFailureHandler(new RestAuthenticationFailureHandler());
}
看起来有很多事情要做,所以如果这不能解决您的问题,请随意收集一个样本,比如说在GitHub上,我很乐意查看。嗨,Adindu,小世界。这件事我摸索了整整一天day@inginia这可能很棘手,我希望你已经解决了?