Java UsernamePasswordAuthenticationFilter跳过成功处理程序

我很难配置我的spring安全性。问题是，每当我通过自定义的

UsernamePasswordAuthenticationFilter

进行身份验证时，我的身份验证筛选器总是跳过成功和失败处理程序。我似乎不知道为什么会这样

首先，我将身份验证参数作为JSON传递，并过滤掉用户名和密码，然后将这两个参数传递到一个新的

UsernamePasswordAuthenticationToken（username，password）

，然后获取身份验证管理器并对返回的令牌进行身份验证。在成功进行完全身份验证时，我希望成功处理程序会接管，但不会调用它

这是我的安全配置

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .csrf()
            .disable()
            .authorizeRequests()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(restAuthenticationEntryPoint)
            .and()
            .authorizeRequests()
            .antMatchers("/signup")
            .permitAll()
            .antMatchers("/", "/security/login", "/request", "/request.html")
            .authenticated()
            .and()
            .formLogin()
            .loginProcessingUrl("/security/login")
            .successHandler(authenticationSuccessHandler())
            .failureHandler(authenticationFailureHandler())
            .and()
            .logout()
            .logoutUrl("/logout")
            .permitAll()
            .and()
            .addFilterAfter
                    (authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
            //.and()
            .userDetailsService(userDetailsServiceBean());
}

相关的bean是

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.userDetailsService(userDetailsServiceBean());
}

@Bean
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {

    return new JdbcUserDetails();
}

@Bean
public RestAuthenticationSuccessHandler authenticationSuccessHandler(){
    return new RestAuthenticationSuccessHandler();
}

@Bean
public RestAuthenticationFailureHandler authenticationFailureHandler(){
    return new RestAuthenticationFailureHandler();
}

@Bean
JsonAuthenticationFilter authenticationFilter() throws Exception {
    logger.debug("Authenication filter processing loggin request    ");
    JsonAuthenticationFilter filter = new JsonAuthenticationFilter();
    filter.setAuthenticationManager(authenticationManagerBean());
    return filter;
}

过滤器是空的

public class JsonAuthenticationFilter extends UsernamePasswordAuthenticationFilter{

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {

    UsernamePasswordAuthenticationToken authRequest = this.getUserNamePasswordAuthenticationToken(request);

    setDetails(request, authRequest);

    return this.getAuthenticationManager().authenticate(authRequest);
}

最后，我成功了

class RestAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication)
        throws ServletException, IOException {

    logger.debug("Successful login");
    System.out.println("\n\n\n\n\n\n\n\nresponse here\n\n\n\n\n\n\n");

    response.getWriter().write("{This is a login success response}");
    response.getWriter().flush();
    response.getWriter().close();

}

---

我已经争论太久了

当您提供一个给定的bean配置时，Spring安全性将退出该bean配置

因此，因为您提供了过滤器（JsonAuthenticationFilter），所以Spring安全性希望您最了解如何编写它

那么，你应该这样做：

@Bean
JsonAuthenticationFilter authenticationFilter() {
    JsonAuthenticationFilter filter = new JsonAuthenticationFilter();
    // .. other configs
    filter.setAuthenticationSuccessHandler(new RestAuthenticationSuccessHandler());
    filter.setAuthenticationFailureHandler(new RestAuthenticationFailureHandler());
}

---

看起来有很多事情要做，所以如果这不能解决您的问题，请随意收集一个样本，比如说在GitHub上，我很乐意查看。

嗨，Adindu，小世界。这件事我摸索了整整一天day@inginia这可能很棘手，我希望你已经解决了？