Spring身份验证筛选器不工作
我正在实现自定义身份验证过滤器,如下所示。但它总是返回404notfound。例如: WebSecurityConfig.javaSpring身份验证筛选器不工作,spring,authentication,login,filter,Spring,Authentication,Login,Filter,我正在实现自定义身份验证过滤器,如下所示。但它总是返回404notfound。例如: WebSecurityConfig.java @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { public static f
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static final String JWT_TOKEN_HEADER_PARAM = "X-Authorization";
public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login";
public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
@Autowired
private RestAuthenticationEntryPoint authenticationEntryPoint;
@Autowired
private JwtAuthenticationSuccessHandler successHandler;
@Autowired
private JwtAuthenticationFailureHandler failureHandler;
@Autowired
private AjaxAuthenticationProvider ajaxAuthenticationProvider;
@Autowired
private JwtAuthenticationProvider jwtAuthenticationProvider;
@Autowired
private TokenExtractor tokenExtractor;
@Autowired
private AuthenticationManager authenticationManager;
private ObjectMapper objectMapper = new ObjectMapper();
protected AjaxLoginProcessingFilter buildAjaxLoginProcessingFilter() throws Exception {
AjaxLoginProcessingFilter filter = new AjaxLoginProcessingFilter(FORM_BASED_LOGIN_ENTRY_POINT, successHandler,
failureHandler, objectMapper);
filter.setAuthenticationManager(this.authenticationManager);
return filter;
}
protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
List<String> pathsToSkip = Arrays.asList(TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT);
SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
JwtTokenAuthenticationProcessingFilter filter = new JwtTokenAuthenticationProcessingFilter(failureHandler,
tokenExtractor, matcher);
filter.setAuthenticationManager(this.authenticationManager);
return filter;
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(ajaxAuthenticationProvider);
auth.authenticationProvider(jwtAuthenticationProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable() // We don't need CSRF for JWT based authentication
.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint)
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().authorizeRequests().antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login
// end-point
.antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token
// refresh
// end-point
.antMatchers("/console").permitAll() // H2 Console Dash-board -
// only for testing
.and().authorizeRequests().antMatchers(TOKEN_BASED_AUTH_ENTRY_POINT).authenticated() // Protected
// API
// End-points
.and().addFilterBefore(new CustomCorsFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildAjaxLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
UsernamePasswordAuthenticationFilter.class);
}
}
@配置
@启用Web安全性
公共类WebSecurityConfig扩展了WebSecurityConfigureAdapter{
公共静态最终字符串JWT_TOKEN_HEADER_PARAM=“X-Authorization”;
公共静态最终字符串形式基于登录登录条目点=“/api/auth/LOGIN”;
公共静态最终字符串标记基于身份验证入口点=“/api/**”;
公共静态最终字符串标记\u刷新\u条目\u点=“/api/auth/TOKEN”;
@自动连线
私有重新身份验证入口点身份验证入口点;
@自动连线
私有JwtAuthenticationSuccessHandler successHandler;
@自动连线
私有JwtAuthenticationFailureHandler failureHandler;
@自动连线
私人AjaxAuthenticationProvider AjaxAuthenticationProvider;
@自动连线
私有JwtAuthenticationProvider JwtAuthenticationProvider;
@自动连线
专用令牌提取器令牌提取器;
@自动连线
私人AuthenticationManager AuthenticationManager;
私有ObjectMapper ObjectMapper=新ObjectMapper();
受保护的AjaxLoginProcessingFilter buildAjaxLoginProcessingFilter()引发异常{
AjaxLoginProcessingFilter=新的AjaxLoginProcessingFilter(基于表单的登录入口点,successHandler,
failureHandler,objectMapper);
filter.setAuthenticationManager(this.authenticationManager);
回流过滤器;
}
受保护的JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter()引发异常{
List pathsToSkip=Arrays.asList(令牌\刷新\条目\点,基于表单\登录\条目\点);
SkipPathRequestMatcher matcher=新的SkipPathRequestMatcher(路径跳过,基于令牌的认证入口点);
JwtTokenAuthenticationProcessingFilter=新的JwtTokenAuthenticationProcessingFilter(failureHandler,
令牌提取器、匹配器);
filter.setAuthenticationManager(this.authenticationManager);
回流过滤器;
}
@豆子
@凌驾
公共AuthenticationManager authenticationManagerBean()引发异常{
返回super.authenticationManagerBean();
}
@凌驾
受保护的无效配置(AuthenticationManagerBuilder身份验证){
authenticationProvider(ajaxAuthenticationProvider);
authenticationProvider(jwtAuthenticationProvider);
}
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
http.csrf().disable()//基于JWT的身份验证不需要csrf
.exceptionHandling().authenticationEntryPoint(此.authenticationEntryPoint)
.and().sessionManagement().sessionCreationPolicy(sessionCreationPolicy.STATELESS)
.and().authorizeRequests().antMatchers(基于表单的登录入口点)。permitAll()//登录
//终点
.antMatchers(令牌\刷新\入口\点).permitAll()//令牌
//刷新
//终点
.antMatchers(“/console”).permitAll()//H2控制台仪表板-
//仅用于测试
.and().authorizeRequests().antMatchers(基于令牌的认证入口点)。已验证()//受保护
//原料药
//终点
.and().addFilterBefore(新的CustomCorsFilter(),UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildAjaxLoginProcessingFilter(),UsernamePasswordAuthenticationFilter.class)
.addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(),
UsernamePasswordAuthenticationFilter.class);
}
}
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-
security-4.2.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/*.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet- context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
上下文配置位置
/WEB-INF/spring/*.xml
org.springframework.web.context.ContextLoaderListener
appServlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
/网络接入
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.2.RELEASE</version>
</dependency>
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>