我正在使用spring-boot(使用JWT和spring安全性),我在spring-boot中使用以下代码创建了一个类configSecurity:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().antMatchers("/login/**").permitAll();
http.authorizeRequests().antMatchers(HttpMethod.GET,"/ListProjects/**").hasAuthority("ADMIN");
http.authorizeRequests().anyRequest().authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());
http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll(); //allow CORS option calls
http.addFilter(new JWTAuthenticationFilter(authenticationManager()));
http.addFilterBefore(new JWTAutorizationFilter(), UsernamePasswordAuthenticationFilter.class);
}
一个类:JWTAuthenticationFilter.java包含了contsructor:
@Autowired
public JWTAuthenticationFilter(AuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
我的目标是更改securityConfig中的行:
http.addFilter(new JWTAuthenticationFilter(authenticationManager()));
这样的事情:
http.addFilter(jwtAuthenticationFilter.SetJWTAuthenticationFilter(authenticationManager());
所以我在SecurityConfig类中添加了Annocation @Autoweird作为This:
@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;
所以我不知道如何在JWTAuthenticationFilter.java中创建这个方法, 我做了这样的事情:
@Autowired
public JWTAuthenticationFilter SetJWTAuthenticationFilter(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
return // (1)
}
(1):那么在这种情况下我该返回什么?我不想使用像新的JWTAuthenticationFilter()那样的东西..,任何想法?或者我没有以正确的方式做到这一点..?
修改
添加这些更改后,我无法对用户进行身份验证,因此无法获取每个用户的令牌,我认为问题在于我添加的新类实现了一种方法返回null
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@Configuration
public class CustomAuthManager implements AuthenticationManager {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
return null;
}
}
任何想法?
答案 0 :(得分:1)
代码的那部分
@Autowired
public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
表示如果您创建JWTAuthenticationFilter作为Spring组件(而不是通过调用new)AuthenticationManager将自动自动装入该类,您不需要运行任何类型的setter 。
您的authenticationManager()方法正在做什么?如果您只是创建@Bean AuthenticationManager JWTAuthenticationFilter,则可以在单独的课程中进行,并自动将其自动连接到@Configuration
public class CustomAuthManager implements AuthenticationManager {
...
}
。
可能的解决方案:
1.创建课程:
SecurityConfig 2。添加到@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;
:
http.addFilter(jwtAuthenticationFilter);并使用JWTAuthenticationFilter
3.保持原样DF <- data.frame(dv = rnorm(900),
iv.x = sort(rep(letters[1:3], 300)),
iv.y = rep(sort(rep(rev(letters)[1:3], 100)), 3))
。