成功通过身份验证后,Spring Security返回403

时间:2019-06-28 20:30:41

标签: java spring-boot

我正在尝试让用户既可以通过登录页面、也可以通过API调用进行身份验证。这套配置曾经一度可以正常工作,但在我改动代码之后,我不确定是不是某处改动导致另一部分出了问题。登录页面工作正常,但使用curl调用端点时会返回403错误。该错误发生在AuthenticationFilter的chain.doFilter()处。

curl命令:

# Multipart POST that uploads the certificate file as form field "data".
# The command sends no Authorization header and no session cookie.
# NOTE(review): the URL has a single slash after "http:" - presumably "http://localhost:8080" was meant; confirm.
curl -XPOST "http:/localhost:8080/api/dothis" -H "accept: application/json" -F 'data=@path/to/cert'

MultipleSecurityConfig.java

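/**
 * Declares two Spring Security filter chains: one for {@code /api/**} requests that are
 * authenticated by {@code AuthenticationFilter}, and one for everything else that uses
 * OAuth2 login with a custom login page.
 *
 * <p>The nested configuration classes are {@code static}: Spring requires nested
 * {@code @Configuration} classes to be static, and neither class uses the enclosing instance.
 */
@EnableWebSecurity
@Order(1)
public class MultipleSecurityConfig {

    /**
     * Filter chain for {@code /api/**}. {@code @Order(2)} places it ahead of
     * {@code LoginSecurityConfig}, which keeps the adapter's default order.
     */
    @Order(2)
    @Configuration
    public static class ApiSecurityConfig extends WebSecurityConfigurerAdapter {

        // NOTE(review): nothing visible here injects or assigns this field, so it is null unless
        // it is set elsewhere. With a null entry point and no login mechanism on this chain,
        // Spring Security falls back to Http403ForbiddenEntryPoint, i.e. an unauthenticated
        // request to /api/** is answered with 403 instead of 401. Confirm how it is wired.
        RestAuthenticationEntryPoint restAuthenticationEntryPoint;

        /**
         * Restricts this chain to {@code /api/**}, requires authentication for every request
         * and runs {@code AuthenticationFilter} before {@code BasicAuthenticationFilter}.
         *
         * @param http the security builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    // CSRF protection is off for this chain; that is only appropriate while the
                    // API is never authenticated by a browser session cookie.
                    .csrf().disable()
                    .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
                    .and()
                    .antMatcher("/api/**").authorizeRequests()
                    // Every API request must carry an Authentication by the time authorization
                    // runs. NOTE(review): verify that AuthenticationFilter stores one in the
                    // SecurityContext before calling chain.doFilter(); otherwise the request
                    // continues as anonymous and is rejected here.
                    .anyRequest().authenticated()
                    .and()
                    .addFilterBefore(new AuthenticationFilter(), BasicAuthenticationFilter.class);
        }
    }


    /**
     * Filter chain for all requests not matched by the API chain: OAuth2 login, logout and
     * a small set of publicly reachable paths.
     */
    @Configuration
    public static class LoginSecurityConfig extends WebSecurityConfigurerAdapter {

        // NOTE(review): same as in ApiSecurityConfig - no injection or assignment is visible.
        RestAuthenticationEntryPoint restAuthenticationEntryPoint;

        // Paths that are reachable without authentication.
        String[] permitted = {
                "/login",
                "/error",
                "/images/**"
        };

        /**
         * Opens the {@code permitted} paths, requires authentication for everything else and
         * configures OAuth2 login and logout.
         *
         * @param http the security builder for this chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    // NOTE(review): this chain is session based (logout below invalidates the
                    // HTTP session and deletes JSESSIONID), so disabling CSRF protection removes
                    // the defence for state-changing browser requests, and logout is accepted
                    // without a CSRF token. Re-enable it unless there is a documented reason.
                    .csrf().disable()
                    .exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint)
                    .and()
                    .authorizeRequests()
                    .antMatchers(permitted).permitAll()
                    .anyRequest().authenticated()
                    .and()
                    .oauth2Login()
                    .loginPage("/login")
                    // "true" always redirects to this URL after login, ignoring the page the
                    // user originally requested.
                    .defaultSuccessUrl("/swagger-ui.html", true)
                    .and()
                    .logout()
                    .clearAuthentication(true)
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login").permitAll()
                    .deleteCookies("JSESSIONID")
                    .invalidateHttpSession(true);
        }
    }
}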

AuthenticationFilter.java

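// Excerpt of the filter: forwards postData to the verification endpoint behind `con` and lets the
// request continue only when the reply reports success.

//optional default is POST
con.setRequestMethod("POST");

//add request header
con.setRequestProperty("Content-Type","application/json");
con.setRequestProperty("User-Agent", USER_AGENT);

System.out.println("\nSending 'POST' request to URL : " + URL);
con.setDoOutput(true);
con.setDoInput(true);

// The body has to be written before the status is read: getResponseCode() sends the request, and
// HttpURLConnection refuses getOutputStream() afterwards, so the previous order never delivered
// postData and only printed the resulting exception. A failed write now propagates like any other
// I/O error on this connection instead of being ignored during an authentication decision.
try (DataOutputStream wr = new DataOutputStream(con.getOutputStream())) {
    wr.write(postData);
}
int responseCode = con.getResponseCode();

StringBuffer result = new StringBuffer();
System.out.println("Response Code : " + responseCode);
if (responseCode == HttpsURLConnection.HTTP_OK) {
    // try-with-resources closes the reader even when readLine() throws.
    try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()))) {
        String inputLine;

        while ((inputLine = in.readLine()) != null) {
            result.append(inputLine);
        }
    }
}
else {
    System.out.println("Error creating HTTPS connection");
    System.out.println("Response Code: " + responseCode + ", Response Message: " + con.getResponseMessage());
    // result stays empty here; setting it to null made the check below throw a
    // NullPointerException on every non-200 reply.
}
// NOTE(review): matching a substring of the raw body depends on the exact spacing of the JSON
// reply; parsing the reply and reading the "successful" field would be more reliable.
if(result.toString().contains("\"successful\": true")) {
    http_response.setStatus(HttpServletResponse.SC_OK);
    // NOTE(review): no Authentication is stored in the SecurityContext in this excerpt. A chain
    // that requires authenticated requests will still treat the request as anonymous after
    // doFilter() and reject it - confirm that the part of the filter not shown here sets one.
    chain.doFilter(request, response);
}
else {
    // Fail closed: without this branch a rejected request ended with no explicit error status.
    http_response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
}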

0 个答案:

没有答案