我是春天的新手,我试图弄清楚如何验证用户。
目前,看起来所有内容都已正确设置。当我使用x-www-form-urlencoded时,我可以成功登录。使用application/json时,我的应用程序不会收到emailAddress参数。
我一直在谷歌搜索和检查SO,但我找不到任何相关的东西。
这是我的SecurityConfig。
package com.myapp.config;
import com.myapp.security.RestAuthenticationEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.web.bind.annotation.RestController;
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("customUserDetailsService")
private UserDetailsService userDetailsService;
@Autowired
private RestAuthenticationEntryPoint restAuthenticationEntryPoint;
@Autowired
public void configure(AuthenticationManagerBuilder builder) throws Exception {
builder.userDetailsService(userDetailsService);
builder.authenticationProvider(this.authenticationProvider());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
public DaoAuthenticationProvider authenticationProvider() {
DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
authenticationProvider.setUserDetailsService(userDetailsService);
authenticationProvider.setPasswordEncoder(passwordEncoder());
return authenticationProvider;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.csrf().disable()
.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint)
.and()
.authorizeRequests()
.antMatchers("/").authenticated()
.and()
.formLogin().loginPage("/login").usernameParameter("emailAddress").passwordParameter("password")
.successHandler(new SimpleUrlAuthenticationSuccessHandler())
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
.and()
.logout();
}
}
答案 0 :(得分:1)
formLogin().loginPage("/login").usernameParameter("emailAddress").passwordParameter("password")
.successHandler(new SimpleUrlAuthenticationSuccessHandler())
.failureHandler(new SimpleUrlAuthenticationFailureHandler())
在上面的配置中,标准UsernamePasswordAuthenticationFilter用于从请求参数获取用户名和密码。但是,标准过滤器不会解析请求中json字符串的参数。
您可以尝试创建自定义UsernamePasswordAuthenticationFilter以从您的json字符串中获取用户名和密码,并在配置中应用自定义过滤器。但是,与可以使用<custom-filter position="FORM_LOGIN_FILTER" ref="yourCustomFilter" />的XML配置不同,您无法通过Java Config将表单登录过滤器替换为自定义过滤器。
作为解决方法,您可以尝试以下操作:
AbstractAuthenticationProcessingFilter以从json字符串获取用户名和密码,并将解析后的参数放入请求中。解决方案是使用HttpRequestWrapper类,它允许您将一个请求与另一个请求包装起来。您可以对其进行子类化,并覆盖getParameter以返回从json字符串解析的用户名和密码。然后,您可以将包装的请求传递给chain.doFilter。UsernamePasswordAuthenticationFilter HttpSecurity#addFilterBefore(yourCustomFilter, UsernamePasswordAuthenticationFilter.class)之前添加自定义过滤器
由于用户名和密码是从json字符串解析为request参数,因此标准UsernamePasswordAuthenticationFilter应该能够执行身份验证。