我正在使用自定义单点登录机制。作为第一阶段,我尝试用以下代码让每个用户都以测试帐户登录。但是我陷入了无限的身份验证循环,我想不明白为什么会这样。
TasFilterA.java
/**
 * First-stage stand-in for a custom single-sign-on filter: any request it
 * handles that has no {@link Authentication} in the security context is
 * given a fixed test identity.
 *
 * <p>NOTE(review): nothing from the request is inspected, so no credential is
 * ever verified. Every matched request ends up signed in as the hard-coded
 * account below. This is test scaffolding and must not ship.
 */
public class TasFilterA extends AbstractAuthenticationProcessingFilter {

    /**
     * @param requiresAuthenticationRequestMatcher decides which requests this
     *        filter processes; it is handed unchanged to the base class
     */
    protected TasFilterA(RequestMatcher requiresAuthenticationRequestMatcher) {
        super(requiresAuthenticationRequestMatcher);
    }

    /**
     * Returns the authentication already held in the security context, or a
     * fixed test token when the context holds none.
     *
     * <p>NOTE(review): the base class presumably passes whatever is returned
     * here to its success handling, whose default is a redirect. When the
     * request matcher covers every URL, the redirect target is matched and
     * processed again, which is the likely cause of the endless loop. Confirm
     * against the Spring Security version in use.
     *
     * @param request  the current request (not read)
     * @param response the current response (not written)
     * @return the existing context authentication, otherwise the test token
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException, IOException, ServletException {
        // An existing Authentication is returned as-is; isAuthenticated() is not consulted.
        Authentication existing = SecurityContextHolder.getContext().getAuthentication();
        if (existing != null) {
            return existing;
        }

        List<GrantedAuthority> granted = new ArrayList<>();
        granted.add(new SimpleGrantedAuthority("tas.babson.edu"));

        // The three-argument constructor creates a token that is already marked
        // as authenticated, so the literal name and password are never checked.
        return new UsernamePasswordAuthenticationToken("tonyo", "pw", granted);
    }
}
SecurityConfig.java
/**
 * Web security setup: {@code /login**} and {@code /error} are open, every
 * other path requires an authenticated user, and {@link TasFilterA} is placed
 * in the chain after {@link BasicAuthenticationFilter}.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares the authorization rules and registers the SSO test filter.
     *
     * @param http the builder being configured
     * @throws Exception propagated from the builder calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // NOTE(review): the filter's matcher is "/**", so it also covers
        // "/login**" and "/error", which the rules below leave open, as well
        // as any URL a post-login redirect might point to. Narrowing the
        // matcher is worth considering.
        RequestMatcher everyPath = new AndRequestMatcher(new AntPathRequestMatcher("/**"));
        TasFilterA ssoFilter = getTASAuthenticationFilter(everyPath);

        http.authorizeRequests()
                .antMatchers("/login**", "/error").permitAll()
                .antMatchers("/**").authenticated()
                .and()
                .addFilterAfter(ssoFilter, BasicAuthenticationFilter.class);
    }

    /**
     * Builds the SSO test filter for the given matcher.
     *
     * @param requestMatcher requests the filter should process
     * @return a new {@link TasFilterA}; no other properties are set on it here
     */
    TasFilterA getTASAuthenticationFilter(RequestMatcher requestMatcher) {
        return new TasFilterA(requestMatcher);
    }
}
如果有人能帮忙解决这个问题,我将非常感谢!