堆栈内存溢出
  繁体   English   中英

更改spring security中的登录服务URL

[英]Changing the login service URL in spring security

 原文  2017-09-01 09:04:19       java/ spring/ spring-boot/ spring-security

问题描述

嗨,我已经使用 JWT 过滤器在我的 Spring Boot Web 应用程序中实现了 Spring 安全性。 但是默认身份验证发生在 url http://localhost:8080/login 如何将/login更改为我需要的某些 url,例如/rest/auth/login

我的网络WebSecurity类是

@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {

@Autowired
private UserDetailsService userDetailsService;

@Autowired
private BCryptPasswordEncoder bCryptPasswordEncoder;

public WebSecurity( UserDetailsService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder )
{
    this.userDetailsService = userDetailsService;
    this.bCryptPasswordEncoder = bCryptPasswordEncoder;
}

@Override
protected void configure( HttpSecurity http ) throws Exception
{
    http.cors().and().csrf().disable().authorizeRequests().antMatchers(HttpMethod.POST, "/rest/auth/**").permitAll()
            .antMatchers("/static/*").permitAll().antMatchers("/").permitAll()
            /* .anyRequest().authenticated() */.and()
            .addFilter(new JWTAuthenticationFilter(authenticationManager()))
            .addFilter(new JWTAuthorizationFilter(authenticationManager()));
}

@Override
public void configure( AuthenticationManagerBuilder auth ) throws Exception
{
    auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
}

@Override
public void configure( org.springframework.security.config.annotation.web.builders.WebSecurity web )
        throws Exception
{

    web.ignoring().antMatchers("/static/**");
}

@Bean
CorsConfigurationSource corsConfigurationSource()
{
    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    source.registerCorsConfiguration("/**", new CorsConfiguration().applyPermitDefaultValues());
    return source;
}
}

我的静态目录下的资源文件夹中有一个登录页面。 Spring security 的工作方式是,当用户从表单发送userNamepassword ,客户端必须将这些凭据发送到服务器中的/login路径,以便 spring security 验证这些凭据并创建令牌。 但我想将默认路径/login更改为/rest/auth/login

6 个解决方案

解决方案1
 7 已采纳  2018-04-29 12:24:02

您需要调整WebSecurityConfig.javaJWTAuthenticationFilter

@Override
protected void configure( HttpSecurity http ) throws Exception
{

    http.csrf().disable()

            .authorizeRequests()

            .antMatchers("/rest/noauth/**").permitAll()

            .antMatchers("/rest/login").permitAll()

            .antMatchers("/rest/logout").permitAll()

            .antMatchers("/src/**").permitAll()

            .antMatchers("/v2/api-docs/**", "/configuration/ui/**", "/swagger-resources/**",
                    "/configuration/security/**", "/swagger-ui.html/**", "/webjars/**")
            .permitAll()

            .anyRequest().authenticated()

            .and()

            .logout().addLogoutHandler(logoutHandler).logoutSuccessHandler(logoutSuccessHandler)
            .logoutUrl("/rest/logout")

            .and()

            .addFilterBefore(
                    new JWTAuthenticationFilter("/rest/login",
                    UsernamePasswordAuthenticationFilter.class)

            .addFilterBefore(new JWTAuthorizationFilter(authenticationManager(), authTokenModelRepository),
                    UsernamePasswordAuthenticationFilter.class);

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}

并使您的JWTAuthenticationFilter扩展AbstractAuthenticationProcessingFilter ,它具有一个采用filterProcessingURl的构造函数,我将/rest/login作为参数传递。

public class JWTAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthenticationFilter.class);

private AuthenticationManager authenticationManager;
private TokenService tokenService;
private UserModel credentials;

private RefreshTokenService refreshTokenService;
private AuthTokenModelRepository authTokenModelRepository;
private UserModelRepository userModelRepository;

public JWTAuthenticationFilter( String loginUrl, AuthenticationManager authenticationManager,
        TokenService tokenService, RefreshTokenService refreshTokenService,
        AuthTokenModelRepository authTokenModelRepository, UserModelRepository userModelRepository )
{
    super(new AntPathRequestMatcher(loginUrl));

}

完成上述配置后,将针对请求/rest/login执行JWTAuthenticationFilter

解决方案2
 6  2020-04-24 21:40:04

在您的 AuthenticationFilter 中,您可以在构造过程中调用setFilterProcessesUrl ,例如:

public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

   private AuthenticationManager authenticationManager;

   public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
      this.authenticationManager = authenticationManager;

      setFilterProcessesUrl("/api/v1/tokens"); // <--- like this
   }

   ...

希望它有帮助。

解决方案3
 0  2021-10-20 23:59:59

只是为了补充Jordy Baylac 的回答:在 Kotlin 中,一旦我通过主构造函数注入依赖项,我就很难设置过滤器。 我的解决方案是做这样的事情:

class AuthenticationFilter(
    authenticationManager: AuthenticationManager?,
    private var jwtUtilsComponent: JwtUtilsComponent,
) : UsernamePasswordAuthenticationFilter() {
    private val authManager: AuthenticationManager? = authenticationManager

    init {
        setFilterProcessesUrl("/${ApiProperties.BASE_PATH}/login")
    }
    
    // more code
}

然后它工作得很好。

解决方案4
 -1  2017-09-01 09:37:19

在 configure 方法中尝试添加loginProcessungUrl()方法。 您可以在参数中设置值

.addFilter(new JWTAuthorizationFilter(authenticationManager()))
.loginProcessingUrl(LOGIN_URL);

解决方案5
 -1  2017-09-02 11:28:51

您需要提供登录页面的 url 和将处理身份验证的 url。 这可以通过像这样覆盖方法来完成:

    @Override
    protected void configure( HttpSecurity http ) throws Exception
    {
        http.cors().and().csrf().disable().
        authorizeRequests().
        antMatchers(HttpMethod.POST, "/rest/auth/**").
        permitAll()           
       .antMatchers("/static/*").permitAll()  
       .antMatchers("/").permitAll()
       .and().formLogin().
       /*This is where the juice is*/
       loginPage("/login").loginProcessingUrl("/rest/auth/login")
       /* .anyRequest().authenticated() */.and()
       .addFilter(new JWTAuthenticationFilter(authenticationManager()))
       .addFilter(new JWTAuthorizationFilter(authenticationManager()));
        }

loginPage("/login") 可以替换为静态登录页面的路由,而 loginProcessingUrl 是处理登录逻辑的控制器的 URL。 确保 /login 和 /loginProcesingUrl 都存在控制器。

解决方案6
 -2  2017-09-01 14:10:09

修改“HttpSecurity”,如下,示例:

@Override
protected void configure( HttpSecurity http ) throws Exception {
http.cors().and().csrf().disable().authorizeRequests().antMatchers(HttpMethod.POST, "/rest/auth/**").permitAll()
        .antMatchers("/static/*").permitAll().antMatchers("/").permitAll()
        /* .anyRequest().authenticated() */
        .and()
             .formLogin()
             .loginPage("/login")
             .loginProcessingUrl("/rest/auth/login")
             .permitAll()
        .and()
             .logout()
             .permitAll();
        .and()
             .addFilter(new JWTAuthenticationFilter(authenticationManager()))
             .addFilter(new JWTAuthorizationFilter(authenticationManager()));
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 spring 安全登录 url 使用参数 url 登录 spring security Spring安全自定义登录URL 春季安全性更改spring_security_login表单 带有其余Web服务的Spring Security登录 spring 安全登录总是重定向到失败 url 在Spring Security中以编程方式设置login-url Spring Security无法找到登录URL Spring Security登录页面URL参数 登录后保持相同的URL Spring安全性
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM