我正在使用自定义身份验证提供程序,它实现" AuthenticationProvider"。在SecurityConfig中,我正在使用以下配置。
http.csrf().disable().authorizeRequests()
.antMatchers("/login/authenticateUser").permitAll()
.and()
.authorizeRequests().anyRequest().authenticated();
上述配置不会为登录API调用自定义身份验证提供程序,但对于其他API,不会调用自定义身份验证提供程序,这会导致禁止错误。
@Autowired
private CustomAuthenticationProvider authProvider;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests()
.antMatchers("/login/authenticateUser").permitAll()
.and()
.authorizeRequests().anyRequest().authenticated();
}
自定义身份验证提供程序:
@Component
public class CustomAuthenticationProvider实现AuthenticationProvider {
static Map<String, UserDetails> userSessionList = new HashMap<String, UserDetails>();
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String userName = authentication.getName();
String password = authentication.getCredentials().toString().split(";")[0];
if (checkUserNameAndPassword(userName, password)) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(() -> {
return "AUTH_USER";
});
Authentication auth = new UsernamePasswordAuthenticationToken(userName, password, grantedAuths);
return auth;
} else {
throw new AuthenticationCredentialsNotFoundException("Invalid Credentials!");
}
}
@Override
public boolean supports(Class<?> authentication) {
//return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
return authentication.equals(UsernamePasswordAuthenticationToken.class);
}
请帮我解决这个问题。应为除登录控制器之外的所有请求调用自定义身份验证提供程序。