Spring security 未在spring security中调用authenticationFilter_Spring Security

Spring security 未在spring security中调用authenticationFilter

spring-security

Spring security 未在spring security中调用authenticationFilter,spring-security,Spring Security,在spring安全认证过程中，我需要传递额外的参数以及用户名和密码。在阅读了几个线程之后，我在spring安全链中添加了自定义身份验证过滤器下面是我的档案过滤器类 public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter { public Authentication attemptAuthentication(HttpServletRequest request, HttpSer

在spring安全认证过程中，我需要传递额外的参数以及用户名和密码。在阅读了几个线程之后，我在spring安全链中添加了自定义身份验证过滤器

下面是我的档案

过滤器类

public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {


    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        String role = request.getParameter("role");

        request.getSession().setAttribute("role", role);

        return super.attemptAuthentication(request, response); 


    }

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    RestAuthenticationSuccessHandler customizeAuthenticationSuccessHandler;

    @Autowired
    RestAuthenticationFailureHandler restAuthenticationFailureHandler;

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    PasswordEncoder passwordEncoder;

    @Autowired
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    private AccessDeniedHandler restAccessDeniedHandler;

    protected void configure(HttpSecurity http) throws Exception {

        http
        .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
        .authorizeRequests().antMatchers("/api/common/**").permitAll()
        .antMatchers("/api/student/**").access("hasRole('ROLE_STUDENT')")
        .antMatchers("/api/staff/**").access("hasRole('ROLE_STAFF')").antMatchers("/sysAdmin/**").access("hasRole('ROLE_ADMIN')").and().formLogin()
        .loginProcessingUrl("/api/common/login")
        .successHandler(customizeAuthenticationSuccessHandler)
        .failureHandler(restAuthenticationFailureHandler)
        .usernameParameter("userName")
        .passwordParameter("password")
        .and().exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint).accessDeniedHandler(restAccessDeniedHandler)
        .and().csrf().disable();
    }

    @Bean
    public UsernamePasswordAuthenticationFilter authenticationFilter() throws Exception {
        AuthenticationFilter authFilter = new AuthenticationFilter();
        authFilter.setUsernameParameter("username");
        authFilter.setPasswordParameter("password");
        authFilter.setAuthenticationManager(authenticationManagerBean());
        return authFilter;
    }

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider());
    }

    public AuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }

}

SecurityConfig类

public class AuthenticationFilter extends UsernamePasswordAuthenticationFilter {


    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        String role = request.getParameter("role");

        request.getSession().setAttribute("role", role);

        return super.attemptAuthentication(request, response); 


    }

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    RestAuthenticationSuccessHandler customizeAuthenticationSuccessHandler;

    @Autowired
    RestAuthenticationFailureHandler restAuthenticationFailureHandler;

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    PasswordEncoder passwordEncoder;

    @Autowired
    private RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    @Autowired
    private AccessDeniedHandler restAccessDeniedHandler;

    protected void configure(HttpSecurity http) throws Exception {

        http
        .addFilterBefore(authenticationFilter(), UsernamePasswordAuthenticationFilter.class)
        .authorizeRequests().antMatchers("/api/common/**").permitAll()
        .antMatchers("/api/student/**").access("hasRole('ROLE_STUDENT')")
        .antMatchers("/api/staff/**").access("hasRole('ROLE_STAFF')").antMatchers("/sysAdmin/**").access("hasRole('ROLE_ADMIN')").and().formLogin()
        .loginProcessingUrl("/api/common/login")
        .successHandler(customizeAuthenticationSuccessHandler)
        .failureHandler(restAuthenticationFailureHandler)
        .usernameParameter("userName")
        .passwordParameter("password")
        .and().exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint).accessDeniedHandler(restAccessDeniedHandler)
        .and().csrf().disable();
    }

    @Bean
    public UsernamePasswordAuthenticationFilter authenticationFilter() throws Exception {
        AuthenticationFilter authFilter = new AuthenticationFilter();
        authFilter.setUsernameParameter("username");
        authFilter.setPasswordParameter("password");
        authFilter.setAuthenticationManager(authenticationManagerBean());
        return authFilter;
    }

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(authProvider());
    }

    public AuthenticationProvider authProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        provider.setPasswordEncoder(passwordEncoder);
        return provider;
    }

}

问题:

当我尝试对用户进行身份验证时，我的自定义筛选器类的身份验证方法未被调用并直接调用，请转到UserDetails服务类添加FilterProcessingUrl以验证筛选器对象解决了此问题。更新的authenticationFilter（）方法：