Java 在Spring boot应用程序中实现注销RESTAPI
我的spring boot应用程序有以下Web安全配置Java 在Spring boot应用程序中实现注销RESTAPI,java,spring,Java,Spring,我的spring boot应用程序有以下Web安全配置 @EnableWebSecurity @Configuration class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AccountRepository accountRepository; @Override protected void configure(HttpSecurity ht
@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AccountRepository accountRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/login").permitAll()
.and()
.authorizeRequests()
.antMatchers("/signup").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout().logoutUrl("/logout").invalidateHttpSession(true)
.and()
// We filter the api/signup requests
.addFilterBefore(
new JWTSignupFilter("/signup", authenticationManager(), accountRepository),
UsernamePasswordAuthenticationFilter.class)
// We filter the api/login requests
.addFilterBefore(
new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// And filter other requests to check the presence of JWT in
// header
.addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
UsernamePasswordAuthenticationFilter.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsServiceBean());
}
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return new CustomUserDetailsService(accountRepository);
}
}
/logoutPOSTcom.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input
at [Source: org.apache.catalina.connector.CoyoteInputStream@3f636b5b; line: 1, column: 0]
at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3838) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3783) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2908) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.boot.myapp.config.security.JWTLoginFilter.attemptAuthentication(JWTLoginFilter.java:32) ~[classes/:na]
JWTLoginFilterpublic class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {
public JWTLoginFilter(String url, AuthenticationManager authManager) {
super(new AntPathRequestMatcher(url));
setAuthenticationManager(authManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest req,
HttpServletResponse res) throws AuthenticationException,
IOException, ServletException {
CustomUserDetails creds = new ObjectMapper().readValue(
req.getInputStream(), CustomUserDetails.class);
return getAuthenticationManager().authenticate(
new UsernamePasswordAuthenticationToken(creds.getUsername(),
creds.getPassword()));
}
@Override
protected void successfulAuthentication(HttpServletRequest req,
HttpServletResponse res, FilterChain chain, Authentication auth) {
TokenAuthenticationService.addAuthentication(res, auth.getName());
}
}
显然,Spring security会自动将注销重定向到
login?logout
公共JWTLoginFilter(字符串url,AuthenticationManager authManager){
超级(新的AntPathRequestMatcher(url,“POST”);
setAuthenticationManager(authManager);
}
JWTLoginFilter