我正在尝试制作Spring Boot API。我正在使用
通过http://localhost:8080/api/v1/database/authenticate在Postman上进行POST呼叫
{
"email": "asd@asd.com",
"password": "asd"
}作为正文。 (数据库中有一个具有此凭据的用户)
我在http://localhost:8080/api/v1/database/register上也有一个PUT请求的端点,并且工作正常。
我的控制器:
@RestController
@RequestMapping(value = "/api/v1/database")
public class DatabaseController {
...
@PostMapping(value = "/authenticate")
public ResponseEntity<?> loginUser(@RequestBody LoginUser loginUser) throws Exception {
try {
authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(loginUser.getEmail(), loginUser.getPassword()));
} catch (BadCredentialsException e) {
throw new Exception("Incorrect username or password");
}
final UserDetails userDetails = myUserDetailsService.loadUserByUsername(loginUser.getEmail());
final String jwt = jwtUtil.gerenateToken(userDetails);
return ResponseEntity.ok(new AuthenticationResponse(jwt));
}
...
我的SecurityConfigurer
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {
private MyUserDetailsService myUserDetailsService;
@Autowired
public SecurityConfigurer(MyUserDetailsService myUserDetailsService) {
this.myUserDetailsService = myUserDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(myUserDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf()
.disable()
.authorizeRequests()
.antMatchers("/api/v1/database/authenticate", "/api/v1/database/register")
.permitAll()
.anyRequest()
.authenticated();
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
...
我也有MyUserDetailsService,但是在此服务中,我仅实现从数据库中获取凭据的loadUserByUsername。
另外,对于注册,我使用BCryptPasswordEncoder编码密码,因此这不是来自错误凭据的错误。