[英]Unable to login in Spring Security
I have been facing a problem while implementing an annotation based Spring Security. 在实现基于注释的Spring Security时,我一直遇到问题。
When I post the data from my angular UI it hits the Spring Security but, it doesn't move into login attempt at all. 当我从我的有角度的UI中发布数据时,它会到达Spring Security,但是,它根本不会进入登录尝试。 I don't know where I am doing wrong.
我不知道我在哪里做错了。
My stateless login filter is: 我的无状态登录过滤器是:
class StatelessLoginFilter extends AbstractAuthenticationProcessingFilter {
private final TokenAuthenticationService tokenAuthenticationService;
private final CustomJDBCDaoImpl userDetailsService;
protected StatelessLoginFilter(String urlMapping, TokenAuthenticationService tokenAuthenticationService,
CustomJDBCDaoImpl userDetailsService, AuthenticationManager authManager) {
super(new AntPathRequestMatcher(urlMapping));
this.userDetailsService = userDetailsService;
this.tokenAuthenticationService = tokenAuthenticationService;
setAuthenticationManager(authManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException, ServletException {
final UsernamePasswordAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken(
request.getParameter("username").toString(), request.getParameter("password").toString());
return getAuthenticationManager().authenticate(loginToken);
}
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
FilterChain chain, Authentication authentication) throws IOException, ServletException {
// Lookup the complete User object from the database and create an Authentication for it
final UserDetails authenticatedUser = userDetailsService.loadUserByUsername(authentication.getName());
final UserAuthentication userAuthentication = new UserAuthentication(authenticatedUser);
// Add the custom token as HTTP header to the response
tokenAuthenticationService.addAuthentication(response, userAuthentication);
// Add the authentication to the Security context
SecurityContextHolder.getContext().setAuthentication(userAuthentication);
}
}
And my spring security configuration file is: 我的春季安全配置文件是:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
@Order(1)
public class StatelessAuthenticationSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private TokenAuthenticationService tokenAuthenticationService;
public StatelessAuthenticationSecurityConfig() {
super(true);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.exceptionHandling().and()
.anonymous().and()
.servletApi().and()
.headers().cacheControl().and()
.authorizeRequests()
//allow anonymous resource requests
// .antMatchers("/").permitAll()
.antMatchers("/favicon.ico").permitAll()
.antMatchers("/resources/**").permitAll()
//allow anonymous POSTs to login
.antMatchers(HttpMethod.POST, "/api/login").permitAll()
//allow anonymous GETs to API
.antMatchers(HttpMethod.GET, "/api/**").permitAll()
//defined Admin only API area
.antMatchers("/api/admin/**").hasRole("ADMIN")
//all other request need to be authenticated
.anyRequest().hasRole("USER").and()
// custom JSON based authentication by POST of {"username":"<name>","password":"<password>"} which sets the token header upon authentication
.addFilterBefore(new StatelessLoginFilter("/api/login", tokenAuthenticationService, new CustomJDBCDaoImpl(), authenticationManager()), UsernamePasswordAuthenticationFilter.class)
// custom Token based authentication based on the header previously given to the client
.addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(new CustomJDBCDaoImpl()).passwordEncoder(new BCryptPasswordEncoder());
}
}
When I start my server it goes into StatlessLoginFilter constructor. 当我启动服务器时,它将进入StatlessLoginFilter构造函数。 But, when I access my page it directly shows me access denied without going into attemptLogin method of my statelessloginfilter class.
但是,当我访问页面时,它直接显示拒绝访问,而无需进入statelessloginfilter类的tryLogin方法。
My AngularJS post request looks like: 我的AngularJS发布请求如下所示:
$http.post('/api/login', { username: $scope.user.email, password: $scope.user.password }).success(function (result, status, headers) {
$scope.authenticated = true;
}
EDIT # 1: 编辑#1:
After adding http.csrf().disable() I got to attemptAuthentication. 添加http.csrf()。disable()之后,我开始尝试身份验证。 But, now request parameters are null.
但是,现在请求参数为空。
Info: 2016-03-23 00:59:59 DEBUG FilterChainProxy:337 - /api/login at position 1 of 7 in additional filter chain; firing Filter: 'HeaderWriterFilter'
Info: 2016-03-23 00:59:59 DEBUG FilterChainProxy:337 - /api/login at position 2 of 7 in additional filter chain; firing Filter: 'StatelessLoginFilter'
Info: 2016-03-23 00:59:59 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/api/login'; against '/api/login'
Info: 2016-03-23 00:59:59 DEBUG StatelessLoginFilter:205 - Request is to process authentication
Warning: StandardWrapperValve[com.security.AppConfig]: Servlet.service() for servlet com.security.AppConfig threw exception
java.lang.NullPointerException
....
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.