Programmatically login on Spring Security and authenticate on AngularJS (JHipster)

I need to authenticate a JHipster (Spring Security/AngularJS) user after a regular GET request is made from the browser, and then redirect to the AngularJS app (for OpenID authentication).

@GetMapping("/login")
@Timed
public void login(HttpServletResponse response) throws Exception {
    User user = userRepository.findOneByLogin("user").get(); // For testing purposes
    Authentication auth = new UsernamePasswordAuthenticationToken(user, null);
    SecurityContextHolder.getContext().setAuthentication(auth);

    response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
    response.setHeader("Location", "http://localhost:8080/#/");
}

After the redirect to "http://localhost:8080/#/" is made, the response header comes with a JSESSIONID, but I don't know if that's the token that I need (is this the "user" authenticated token?), and it doesn't persist in the browser cookies (maybe because of the redirect?).

If I log in using the default JHipster AngularJS username/password form, the response headers come with:

Set-Cookie:XSRF-TOKEN=108cadcf-2005-4e36-b055-438d75dc1ce9; path=/
Set-Cookie:JSESSIONID=foVcxycPQbUgS6nviKG1ftXSIgnlgDJdtxEGCSGZ; path=/; HttpOnly
Set-Cookie:remember-me=N2pNMGFRRGJENldhZWpQTGV2d1k6c3NOTkk1WWpnR28xcWRldDE2T3U; path=/; HttpOnly; Max-Age=2678400; Expires=Sun, 07-May-2017 07:40:16 GMT

I think the solution here would be to programmatically log in the user, get a valid JSESSIONID token, and set it in the browser as a cookie while/after using the Location header to redirect, but I'm having trouble with these steps. Any help is appreciated.

Actually, this line wasn't really authenticating the way I wanted it to:

Authentication auth = new UsernamePasswordAuthenticationToken(user, null);

The JSESSIONID was being set, but after a failed authentication upon a request it was being destroyed.

I changed to this:

Authentication auth = new UsernamePasswordAuthenticationToken(user, null, new ArrayList<GrantedAuthority>());

By using a different constructor it is now authenticating properly.
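An added example, not part of the original answer or of JHipster's code: one way to establish the session after an external identity check has already succeeded, building the token with the three-argument constructor and the account's real authorities. The class name `ProgrammaticLogin`, the method `establishSession` and the parameter `verifiedLogin` are hypothetical; it assumes `javax.servlet` (Servlet 3.1+) and an injected Spring Security `UserDetailsService`.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

// Hypothetical helper (name and wiring are assumptions, not JHipster code).
// Call it only after the external identity check has succeeded.
public class ProgrammaticLogin {

    private final UserDetailsService userDetailsService;

    public ProgrammaticLogin(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    public void establishSession(String verifiedLogin, HttpServletRequest request,
                                 HttpServletResponse response) throws IOException {
        // Throws UsernameNotFoundException for unknown accounts.
        UserDetails principal = userDetailsService.loadUserByUsername(verifiedLogin);

        // The two-argument constructor yields isAuthenticated() == false;
        // the three-argument one marks the token as authenticated, so it must
        // carry the account's real authorities rather than an empty list.
        Authentication auth = new UsernamePasswordAuthenticationToken(
                principal, null, principal.getAuthorities());

        // Use a fresh context instead of mutating an existing one.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);

        // Session fixation defence: make sure a session exists, then rotate its id
        // before the authenticated context is stored in it.
        request.getSession(true);
        request.changeSessionId();
        request.getSession().setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);

        // 302, not 301: a permanent redirect may be cached by the browser,
        // which would then skip this endpoint on later visits.
        response.sendRedirect(request.getContextPath() + "/#/");
    }
}
```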

JHipster provides OpenID authentication out of the box (called 'Social login'), and it's much more complicated than a 'regular GET request', so probably the best solution will be to start with the existing template instead of crafting your own.

Next, the 'JSESSIONID' cookie and request parameter are not controlled/created/modified by JHipster or Spring Security; this is at the container level, part of the servlet specification and fully controlled by the servlet container, used internally (as one of the cases) to instantiate/get session beans. You should not attempt to overwrite them.
