我想通过/ login'WebSecurityConfigurerAdapter'类使用'基本身份验证'检查基本内容 但是当我通过邮递员发布用户名和密码时,总是会收到“身份验证失败:凭据错误”
这是我的“ WebSecurityConfigurerAdapter”
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.test.example.JWTAuthenticationProcessingFilter.JWTAuthenticationProcessingFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("proSbeginner").password(passwordEncoder().encode("1234")).authorities("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests().antMatchers("/").permitAll().antMatchers(HttpMethod.POST, "/login")
.permitAll().anyRequest().authenticated().and()
.addFilterBefore(new JWTAuthenticationProcessingFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class);
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
这是我的'AbstractAuthenticationProcessingFilter'
package com.test.example.JWTAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.test.example.controller.UserCredentials;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collections;
public class JWTAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
public JWTAuthenticationProcessingFilter(String url, AuthenticationManager manager) {
super(new AntPathRequestMatcher(url));
setAuthenticationManager(manager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException, ServletException {
UserCredentials credentials = new ObjectMapper().readValue(request.getInputStream(), UserCredentials.class);
return getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(
credentials.getUsername(), credentials.getPassword(), Collections.emptyList()));
}
}
这个。是我的“模特”
package com.test.example.controller;
public class UserCredentials {
private String username;
private String password;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}