
Two login authentication ways in Spring Boot

I need to develop an app with two authentication endpoints: one a login web form and the other sending credentials via a custom token.

I created two WebSecurityConfigurerAdapter classes and the login form works perfectly, but the token does not: when I try to identify myself via token, it runs OK but always redirects to the login form page.

This is my configuration:

protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(authenticationFilter(), CustomAuthenticationFilter.class)
            .authorizeRequests()
                .mvcMatchers(PublicUrls.URLS).permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/")
                .permitAll()
                .and()
            .cors()
                .and()
            .logout()
                .invalidateHttpSession(true)
                .clearAuthentication(true)
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login?logout")
                .permitAll();
}

... and the token configuration:

protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .mvcMatcher(LOGINJWT)
            .addFilterBefore(authenticationFilter(), WebAsyncManagerIntegrationFilter.class)
            .authorizeRequests()
               .antMatchers(LOGINJWT).permitAll()
               .anyRequest().fullyAuthenticated()
               .and()
            .logout()
               .invalidateHttpSession(true)
               .clearAuthentication(true)
               .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
               .logoutSuccessUrl("/login?logout")
               .permitAll();
         // @formatter:on
}

When I try to authenticate via token, it runs the custom filter and the custom authentication provider correctly, but it always redirects to the login page.

The order annotations on the classes are these:

// Token annotation class
@Configuration
@Order(1)
@EnableWebSecurity
public class JwtWebSecurityConfigurerAdapter
        extends WebSecurityConfigurerAdapter {....}

// Login annotation class
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
@EnableWebSecurity
@Configuration
@RequiredArgsConstructor
@Slf4j
@Order(2)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {...}

I don't see the problem.

I found the problem: the JWT filter was executing before WebAsyncManagerIntegrationFilter.
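One way to correct the ordering the answer identifies, as an added example that is not the poster's code: the token filter is anchored on `UsernamePasswordAuthenticationFilter` so it runs after `SecurityContextPersistenceFilter`, which is what stores the authenticated context for later requests. It assumes Spring Security 5.x; the class name `JwtChainConfig`, the bean name `jwtAuthenticationFilter` and the value of `LOGINJWT` are hypothetical.

```java
import javax.servlet.Filter;

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Relevant part of the default Spring Security 5.x filter order:
//   WebAsyncManagerIntegrationFilter
//   SecurityContextPersistenceFilter      <- loads and saves the SecurityContext
//   ... (headers, CORS, CSRF, logout)
//   UsernamePasswordAuthenticationFilter  <- authentication filters belong here
// A filter placed before WebAsyncManagerIntegrationFilter authenticates before
// SecurityContextPersistenceFilter runs, so the result is not kept and the next
// request reaches the form-login chain unauthenticated and is sent to /login.
@Configuration
@Order(1)
public class JwtChainConfig extends WebSecurityConfigurerAdapter {

    // Assumed value; the question only shows the constant name.
    private static final String LOGINJWT = "/login/jwt";

    // Hypothetical bean name standing in for the question's custom token filter.
    private final Filter tokenFilter;

    public JwtChainConfig(@Qualifier("jwtAuthenticationFilter") Filter tokenFilter) {
        this.tokenFilter = tokenFilter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .mvcMatcher(LOGINJWT) // this chain only handles the token endpoint
            // Broken form from the question:
            //   .addFilterBefore(filter, WebAsyncManagerIntegrationFilter.class)
            // Corrected: run alongside the other authentication filters.
            .addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .mvcMatchers(LOGINJWT).permitAll()
                .anyRequest().fullyAuthenticated();
    }
}
```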
