它发生在springsecurity源代码LogoutFilter.class
中我使用springboot + springsecurity 我制作了一个从AbstractAuthenticationProcessingFilter扩展来的客户过滤器,以检查验证码。 我使用springsecurity的默认登录和注销。 当我登录成功并且SecurityContextHolder.getContext()。setAuthentication成功时发生了这种情况,但是当我要注销时,SecurityContextHolder.getContext()。getAuthentication返回null。
public class VerificationCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
private String defaultFilterProcessesUrl;
@Resource
private RedisUtil redisUtil;
@Resource
private AjaxAuthenticationFailureHandler authenticationFailureHandler;
public VerificationCodeAuthenticationFilter(String defaultFilterProcessesUrl, AjaxAuthenticationFailureHandler authenticationFailureHandler, AuthenticationManager authenticationManager) {
super(defaultFilterProcessesUrl);
this.defaultFilterProcessesUrl = defaultFilterProcessesUrl;
this.authenticationFailureHandler = authenticationFailureHandler;
setAuthenticationFailureHandler(authenticationFailureHandler);
setAuthenticationManager(authenticationManager);
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
if (defaultFilterProcessesUrl.equals(request.getServletPath()) && "POST".equalsIgnoreCase(request.getMethod())) {
try {
if (StringUtils.equals("1", verCodeSwitch)) {
if (!checkVerCode(request, response)) {
return;
}
}
} catch (AuthenticationException e) {
authenticationFailureHandler.onAuthenticationFailure(request, response, e);
return;
}
}
chain.doFilter(request, response);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
return null;
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Resource
private DisableUrlSessionFilter disableUrlSessionFilter;
@Resource
private AjaxAuthenticationSuccessHandler authenticationSuccessHandler;
@Resource
private AjaxAuthenticationFailureHandler authenticationFailureHandler;
@Resource
private AjaxAuthenticationEntryPoint authenticationEntryPoint;
@Resource
private AjaxLogoutSuccessHandler logoutSuccessHandler;
@Bean
public VerificationCodeAuthenticationFilter getVerificationCodeAuthenticationFilter() throws Exception {
return new VerificationCodeAuthenticationFilter("/login", authenticationFailureHandler, authenticationManagerBean());
}
@Bean
public MyUserDetailsService userDetailsService() {
return new MyUserDetailsService();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new PasswordEncoder() {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return Objects.equals(charSequence.toString(), s);
}
};
}
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(userDetailsService());
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
protected void configure(HttpSecurity http) throws Exception {
http
.cors().and()
.csrf().disable()
.authorizeRequests()
.requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
.antMatchers("/verify/**", "/oauth/**", "/logout").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.successHandler(authenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.permitAll()
.and()
.logout()
.logoutSuccessHandler(logoutSuccessHandler)
.permitAll()
.and()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint)
.and()
.headers().cacheControl();
http.addFilterBefore(disableUrlSessionFilter, UsernamePasswordAuthenticationFilter.class);
http.addFilterBefore(getVerificationCodeAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
我的控制台中没有任何异常。当我调试源代码LogoutFilter.class
时,我发现它返回null。