[英]Spring Boot JWT Authentication: trigger a method after login and logout
[英]spring boot jwt no redirection after login authentication
在更正我的代码时需要帮助,登录身份验证后它没有重定向到主页
security config.java
@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
public class Security_Config extends WebSecurityConfigurerAdapter {
@Autowired
AuthenticationSuccessHandler successHandler;
@Autowired
private JwtFilter jwtFilter;
@Autowired
private CustomUserDetailService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("http="+http);
// We don't need CSRF for this example
// http.csrf().disable()
// // dont authenticate this particular request
// .authorizeRequests().antMatchers("/authenticate").permitAll().
// antMatchers("/Login.html").permitAll().
// // all other requests need to be authenticated
// anyRequest().authenticated().and().
// // make sure we use stateless session; session won't be used to
// // store user's state.
// exceptionHandling().and().sessionManagement()
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/authenticate","/Login.html").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/Login").permitAll()
.loginProcessingUrl("/Login").permitAll()
.defaultSuccessUrl("/Home", true).permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/Logout")).permitAll()
.clearAuthentication(true)
.logoutSuccessUrl("/Login").permitAll()
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true).and()
.exceptionHandling()
.accessDeniedPage("/Login")
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// // If a user try to access a resource without having enough permissions
// http.exceptionHandling().accessDeniedPage("/Login.html");
http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
}
}
在我看来,JWT 身份验证的处理方式与传统的基于表单的身份验证不同,而在身份验证之后,我们应该返回 JWTTocken 而不是重定向到另一个页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.