Java 在Spring boot应用程序中实现注销RESTAPI
我的spring boot应用程序有以下Web安全配置Java 在Spring boot应用程序中实现注销RESTAPI,java,spring,Java,Spring,我的spring boot应用程序有以下Web安全配置 @EnableWebSecurity @Configuration class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AccountRepository accountRepository; @Override protected void configure(HttpSecurity ht
@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AccountRepository accountRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/login").permitAll()
.and()
.authorizeRequests()
.antMatchers("/signup").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout().logoutUrl("/logout").invalidateHttpSession(true)
.and()
// We filter the api/signup requests
.addFilterBefore(
new JWTSignupFilter("/signup", authenticationManager(), accountRepository),
UsernamePasswordAuthenticationFilter.class)
// We filter the api/login requests
.addFilterBefore(
new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// And filter other requests to check the presence of JWT in
// header
.addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
UsernamePasswordAuthenticationFilter.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsServiceBean());
}
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return new CustomUserDetailsService(accountRepository);
}
}
当客户端向/logout
端点发出POST
请求时,服务器抛出异常:
com.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input
at [Source: org.apache.catalina.connector.CoyoteInputStream@3f636b5b; line: 1, column: 0]
at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3838) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3783) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2908) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.boot.myapp.config.security.JWTLoginFilter.attemptAuthentication(JWTLoginFilter.java:32) ~[classes/:na]
如您所见,它试图在JWTLoginFilter
中运行一个用于登录的方法,但为什么
编辑1
JWTLoginFilter.java的代码
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {
public JWTLoginFilter(String url, AuthenticationManager authManager) {
super(new AntPathRequestMatcher(url));
setAuthenticationManager(authManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest req,
HttpServletResponse res) throws AuthenticationException,
IOException, ServletException {
CustomUserDetails creds = new ObjectMapper().readValue(
req.getInputStream(), CustomUserDetails.class);
return getAuthenticationManager().authenticate(
new UsernamePasswordAuthenticationToken(creds.getUsername(),
creds.getPassword()));
}
@Override
protected void successfulAuthentication(HttpServletRequest req,
HttpServletResponse res, FilterChain chain, Authentication auth) {
TokenAuthenticationService.addAuthentication(res, auth.getName());
}
}
显然,Spring security会自动将注销重定向到
login?logout
,从而激活登录过滤器。我们可以将登录筛选器构造函数更改为以下内容:
公共JWTLoginFilter(字符串url,AuthenticationManager authManager){
超级(新的AntPathRequestMatcher(url,“POST”);
setAuthenticationManager(authManager);
}
您能从JWTLoginFilter发布一些代码吗?我怀疑它是用@filter注释的,然后绑定到每个请求。您可能想删除它。我更新了问题并包含了JWTLoginFilter
的代码。我的代码中没有@filter注释。显然,它绑定到了每个请求。我的建议是删除登录过滤器,看看它是否仍然存在。还要检查JWTAuthenticationFilter是否扩展了登录筛选器或smth,因为它到处都在使用。