401在注册时尝试登录时产生的未经授权的效果很好。
在调试期间,我发现在authenticationManager.authenticate()
at方法UserController
被调用的那一行给出了响应。我注意到的另一件事是,由于某些原因,在使用JPA存储库而不是DAO时,我没有遇到此问题。我正在使用PostgreSQL
这是以下情况下对应方法的代码UserController
:
@RequestMapping(path = "/auth", method = RequestMethod.POST)
@ResponseStatus(value = HttpStatus.OK)
public AuthResponse authenticate(@RequestBody AuthRequest req){
authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(req.getUsername(), req.getPassword()));
String token = jwtService.generateToken(req.getUsername());
return new AuthResponse(token);
}
JwtFilter.doFilterInternal():
@Override
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
String authorizationHeader = httpServletRequest.getHeader("Authorization");
String jwtToken = null;
String username = null;
if (authorizationHeader != null && authorizationHeader.startsWith("Bearer")) {
jwtToken = authorizationHeader.substring(7);
username = jwtService.extractUsername(jwtToken);
}
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
if (jwtService.validateToken(jwtToken, userDetails.getUsername())) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails, null, userDetails.getAuthorities()
);
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
}
SecurityConfig.configure():
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().cors().disable()
.authorizeRequests()
.anyRequest().permitAll()
.and().addFilterBefore(jwtFilter, UsernamePasswordAuthenticationFilter.class)
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and().httpBasic();
}
UserService.loadUserByUsername():
@Service
public class UserService implements IUserService, UserDetailsService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
User userByName = userDao.getUserByUsername(s);
return new org.springframework.security.core.userdetails.User(userByName.getUsername(), userByName.getPassword(), userByName.getAuthorities());
}
}
DAO查询:
@Override
public User getUserByUsername(String username) {
return jdbcTemplate.queryForObject("SELECT * FROM user_table WHERE username = ?", new Object[]{username}, User.class);
}
问题是查询未返回预期值。我变了:
@Override
public User getUserByUsername(String username) {
List<User> userList = jdbcTemplate.query("SELECT * FROM user_table WHERE username = ?", new Object[]{username}, (resultSet,i) -> {
System.out.println(1);
return new User(resultSet.getInt("id"),
resultSet.getString("username"),
resultSet.getString("password"),
resultSet.getString("role"));
});
return userList.get(0);
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句