[英]Spring Boot JWT Authentication: trigger a method after login and logout
[英]spring boot jwt no redirection after login authentication
在更正我的代碼時需要幫助,登錄身份驗證后它沒有重定向到主頁
security config.java
@SuppressWarnings("deprecation")
@Configuration
@EnableWebSecurity
public class Security_Config extends WebSecurityConfigurerAdapter {
@Autowired
AuthenticationSuccessHandler successHandler;
@Autowired
private JwtFilter jwtFilter;
@Autowired
private CustomUserDetailService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
System.out.println("http="+http);
// We don't need CSRF for this example
// http.csrf().disable()
// // dont authenticate this particular request
// .authorizeRequests().antMatchers("/authenticate").permitAll().
// antMatchers("/Login.html").permitAll().
// // all other requests need to be authenticated
// anyRequest().authenticated().and().
// // make sure we use stateless session; session won't be used to
// // store user's state.
// exceptionHandling().and().sessionManagement()
// .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/authenticate","/Login.html").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/Login").permitAll()
.loginProcessingUrl("/Login").permitAll()
.defaultSuccessUrl("/Home", true).permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/Logout")).permitAll()
.clearAuthentication(true)
.logoutSuccessUrl("/Login").permitAll()
.deleteCookies("JSESSIONID")
.invalidateHttpSession(true).and()
.exceptionHandling()
.accessDeniedPage("/Login")
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// // If a user try to access a resource without having enough permissions
// http.exceptionHandling().accessDeniedPage("/Login.html");
http.addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class);
}
}
在我看來,JWT 身份驗證的處理方式與傳統的基於表單的身份驗證不同,而在身份驗證之后,我們應該返回 JWTTocken 而不是重定向到另一個頁面。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.