Spring boot 未调用身份验证筛选器
我创建了一个类Spring boot 未调用身份验证筛选器,spring-boot,spring-security,spring-filter,Spring Boot,Spring Security,Spring Filter,我创建了一个类AuthenticationFilter,它扩展了GenericFilterBean。我已经在安全配置中添加了这个选项,但是当我尝试登录时,没有调用这个过滤器,控件直接转到UserDetailsService @配置 @订单(ManagementServerProperties.ACCESS\u OVERRIDE\u订单) 公共类SecurityConfig扩展了WebSecurity配置适配器{ @值(${nwook.login.credentials.type}) 私人字符串凭
AuthenticationFilterGenericFilterBeanUserDetailsService@配置
@订单(ManagementServerProperties.ACCESS\u OVERRIDE\u订单)
公共类SecurityConfig扩展了WebSecurity配置适配器{
@值(${nwook.login.credentials.type})
私人字符串凭证类型标题名称;
@凌驾
public void configure(WebSecurity web)引发异常{
忽略
.antMatchers(“/changePassword/**”、“/uniqueCode/verify/mobile/**”、“/signup/**”,
“/uniqueCode/generate/**”、“/uploadverificationdoc/**”、“/v2/api docs”、“/configuration/ui”,
“/swagger resources”、“/configuration/security”、“/swagger ui.html”、“/webjars/**”,
“/validateSignup/**”,“/socialLinks/**”,“/socialLogin”、“/configuration/*”、“/swagger”,
“/webjars/”、“/v2/*”、“/”、“/css/”、“/js/”、“/img/*”、“/vendor/*”、“/swagger resources*”,
“/favicon*”、“/swagger resources/configuration/*”、“/*.html”、“/signup/**”、“/verify/**”,
“*.js”)
和()忽略()antMatchers(“/login/**”);
}
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
http
.授权请求()
.antMatchers(“/secure/**”).authenticated()
.anyRequest().hasRole(“已验证的用户”)
.及()
.logout()
.logoutUrl(“/logout/**”)
.invalidateHttpSession(真)
.及()
.headers()
.frameOptions().disable()
.及()
.sessionManagement().sessionCreationPolicy(sessionCreationPolicy.STATELESS);
http.addFilterAfter(新的AuthenticationFilter(authenticationManager(),credentialsTypeHeaderName),
BasicAuthenticationFilter.class);
}
@自动连线
public void configureGlobal(AuthenticationManagerBuilder auth)引发异常{
auth.authenticationProvider(domainUsernamePasswordAuthenticationProvider())
.authenticationProvider(otpAuthenticationProvider());
}
@豆子
公共AuthenticationProvider domainUsernamePasswordAuthenticationProvider(){
返回新的DomainUsernamePasswordAuthenticationProvider();
}
@豆子
公共身份验证提供程序otpAuthenticationProvider(){
返回新的OTPAuthenticationProvider();
}
@豆子
公共密码编码器PasswordEncoder(){
返回新的CustomMD5PasswordEncoder();
}
@豆子
@凌驾
受保护的UserDetailsService UserDetailsService(){
返回新的CustomUserDetailsService();
}
@配置
@EnableAuthorizationServer
受保护的静态类OAuth2Config扩展了AuthorizationServerConfigurerAdapter{
@自动连线
私人AuthenticationManager AuthenticationManager;
@豆子
公共JwtAccessTokenConverter JwtAccessTokenConverter(){
JwtAccessTokenConverter=新的JwtAccessTokenConverter();
KeyPair KeyPair=newkeystorekeyfactory(新类路径资源(“keystore.jks”),“foobar.toCharArray())
.getKeyPair(“测试”);
转换器。设置密钥对(密钥对);
回流转换器;
}
@凌驾
公共无效配置(ClientDetailsServiceConfigurer客户端)引发异常{
clients.inMemory().withClient(“acme”).secret(“acmescret”)
.authorizedGrantTypes(“授权代码”、“刷新令牌”、“密码”).scopes(“openid”)
.accessTokenValiditySeconds(31536000)。权限(“角色验证用户”)。自动批准(true);
}
@凌驾
public void configure(AuthorizationServerEndpointsConfigurer端点)引发异常{
endpoints.authenticationManager(authenticationManager).accessTokenConverter(jwtAccessTokenConverter());
}
@凌驾
public void configure(AuthorizationServerSecurityConfigure oauthServer)引发异常{
oauthServer.tokenKeyAccess(“permitAll()”).checkTokenAccess(“isAuthenticated()”);
}
}
}
/oauth/tokenOAuth2Config