401在authenticationManager.authenticate()上未经授权(Spring Security)
克莱恩
401在注册时尝试登录时产生的未经授权的效果很好。
在调试期间,我发现在authenticationManager.authenticate()at方法UserController被调用的那一行给出了响应。我注意到的另一件事是,由于某些原因,在使用JPA存储库而不是DAO时,我没有遇到此问题。我正在使用PostgreSQL
这是以下情况下对应方法的代码UserController:
@RequestMapping(path = "/auth", method = RequestMethod.POST)
@ResponseStatus(value = HttpStatus.OK)
public AuthResponse authenticate(@RequestBody AuthRequest req){
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(req.getUsername(), req.getPassword()));
String token = jwtService.generateToken(req.getUsername());
return new AuthResponse(token);
}
JwtFilter.doFilterInternal():
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
String authorizationHeader = httpServletRequest.getHeader("Authorization");
String jwtToken = null;
String username = null;
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer")) {
jwtToken = authorizationHeader.substring(7);
username = jwtService.extractUsername(jwtToken);
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
if (jwtService.validateToken(jwtToken, userDetails.getUsername())) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities()
);
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
SecurityConfig.configure():
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().cors().disable()
.authorizeRequests()
.anyRequest().permitAll()
.and().addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().httpBasic();
}
UserService.loadUserByUsername():
@Service
public class UserService implements IUserService, UserDetailsService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
User userByName = userDao.getUserByUsername(s);
return new org.springframework.security.core.userdetails.User(userByName.getUsername(), userByName.getPassword(), userByName.getAuthorities());
}
}
DAO查询:
@Override
public User getUserByUsername(String username) {
return jdbcTemplate.queryForObject("SELECT * FROM user_table WHERE username = ?", new Object[]{username}, User.class);
}
克莱恩
问题是查询未返回预期值。我变了:
@Override
public User getUserByUsername(String username) {
List<User> userList = jdbcTemplate.query("SELECT * FROM user_table WHERE username = ?", new Object[]{username}, (resultSet,i) -> {
System.out.println(1);
return new User(resultSet.getInt("id"),
resultSet.getString("username"),
resultSet.getString("password"),
resultSet.getString("role"));
});
return userList.get(0);
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
编辑于
相关文章
TOP 榜单
- 1
Android Studio Kotlin:提取为常量
- 2
计算数据帧R中的字符串频率
- 3
如何使用Redux-Toolkit重置Redux Store
- 4
http:// localhost:3000 /#!/为什么我在localhost链接中得到“#!/”。
- 5
如何使用tweepy流式传输来自指定用户的推文(仅在该用户发布推文时流式传输)
- 6
TreeMap中的自定义排序
- 7
TYPO3:将 Formhandler 添加到新闻扩展
- 8
遍历元素数组以每X秒在浏览器上显示
- 9
在Ubuntu和Windows中,触摸板有时会滞后。硬件问题?
- 10
警告消息:在matrix(unlist(drop.item),ncol = 10,byrow = TRUE)中:数据长度[16]不是列数的倍数[10]>?
- 11
无法连接网络并在Ubuntu 14.04中找到eth0
- 12
将辅助轴原点与主要轴对齐
- 13
我可以ping IPv6但不能ping IPv4
- 14
在Jenkins服务器中使用Selenium和Ruby进行的黄瓜测试失败,但在本地计算机中通过
- 15
提交html表单时为空
- 16
使用C ++ 11将数组设置为零
- 17
如果从DB接收到的值为空,则JMeter JDBC调用将返回该值作为参数名称
- 18
尝试在Dell XPS13 9360上安装Windows 7时出错
- 19
如何在R中转置数据
- 20
无法使用 envoy 访问 .ssh/config
- 21
未捕获的SyntaxError:带有Ajax帖子的意外令牌u
我来说两句