I need develop an app with two authentication endpoints: one a login web form and other sending credentials via custom token.
I create two WebSecurityConfigurerAdapter
and the login forms work perfectly but the token not: When I tried to identify via token, it run ok but always redirect to de login form page.
This is my configuration:
protected void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(authenticationFilter(), CustomAuthenticationFilter.class)
.authorizeRequests()
.mvcMatchers(PublicUrls.URLS).permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/")
.permitAll()
.and()
.cors()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
.. and the token configuration:
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.mvcMatcher(LOGINJWT)
.addFilterBefore(authenticationFilter(), WebAsyncManagerIntegrationFilter.class)
.authorizeRequests()
.antMatchers(LOGINJWT).permitAll()
.anyRequest().fullyAuthenticated()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
// @formatter:on
}
When I trie to authenticate via token, it run the customFilter
, and the custom authentication provider correctly but always redirect to login page.
The classes order annotation are this:
// Token annotation class
@Configuration
@Order(1)
@EnableWebSecurity
public class JwtWebSecurityConfigurerAdapter
extends WebSecurityConfigurerAdapter {....}
//login annotation clas
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
@Slf4j
@Order(2)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {...}
I don't see the problem.
我发现了问题:JWT 过滤器在WebAsyncManagerIntegrationFilter
之前执行。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.