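I'm currently tinkering with Spring Security. I've put together a crutch to check authorization, but it doesn't work. The authentication isn't passed through to the controller. I have the following classes.

Custom filter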

    @Component
    @RequiredArgsConstructor
    public class CustomFilter extends OncePerRequestFilter {
        @Override
        protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
            // Read the raw Authorization header and compare it with a hard-coded value
            String headerAuth = request.getHeader("Authorization");
            if (StringUtils.hasText(headerAuth) && headerAuth.equals("abc")) {
                UsernamePasswordAuthenticationToken authentication
                        = new UsernamePasswordAuthenticationToken("dad", "4343");
                System.out.println("yes");
                // Store the token in the security context for the rest of the chain
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            filterChain.doFilter(request, response);
        }
    }

UserDetailsServiceImpl

    @Component
    public class UserDetailsServiceImpl implements UserDetailsService {
        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            return new User("dad", "4343", new ArrayList<>());
        }
    }

Security configuration

    @Configuration
    @EnableMethodSecurity
    @EnableWebSecurity
    @RequiredArgsConstructor
    public class SecurityConfiguration {
        private final UserDetailsService userDetailsService;

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
            return http
                    .csrf(AbstractHttpConfigurer::disable)
                    // No HTTP session: every request must carry its own credentials
                    .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                    .authorizeHttpRequests(auth -> {
                        auth.requestMatchers("/api/v1/dfsdfs").permitAll()
                                .anyRequest().authenticated();
                    })
                    .authenticationProvider(authenticationProvider())
                    // Run the custom header check before the form-login filter position
                    .addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
                    .build();
        }

        @Bean
        public DaoAuthenticationProvider authenticationProvider() {
            DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
            authProvider.setUserDetailsService(userDetailsService);
            authProvider.setPasswordEncoder(passwordEncoder());
            return authProvider;
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
            return authConfig.getAuthenticationManager();
        }
    }

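The problem is that for some reason it doesn't authorize me. The controller doesn't print anything to standard output. That is, it doesn't allow access to the protected endpoint. Please help me.

Fixed by adding this code to CustomFilter:
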
    if (StringUtils.hasText(headerAuth) && headerAuth.equals("abc")) {
        UsernamePasswordAuthenticationToken authentication
                = new UsernamePasswordAuthenticationToken("dad", "4343", new ArrayList<>());
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

(I added new ArrayList<>() to the authentication)
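
Why the extra argument matters, as an added example that is not part of the original post: the two-argument `UsernamePasswordAuthenticationToken` constructor builds a token whose `isAuthenticated()` is false, while the three-argument one (with authorities) builds an authenticated token, which is what `anyRequest().authenticated()` checks. The sketch below assumes Spring Security 5.7 or later for the `authenticated(...)` factory; the class name `HeaderTokenFilter`, the injected expected token and the `ROLE_USER` authority are hypothetical.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical class: an added illustration, not the poster's CustomFilter.
public class HeaderTokenFilter extends OncePerRequestFilter {

    // Expected header value, supplied from configuration instead of a literal (assumption).
    private final byte[] expected;

    public HeaderTokenFilter(String expectedToken) {
        this.expected = expectedToken.getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        // MessageDigest.isEqual compares in constant time, unlike String.equals.
        if (header != null
                && MessageDigest.isEqual(expected, header.getBytes(StandardCharsets.UTF_8))) {
            // authenticated(...) matches the three-argument constructor: isAuthenticated() == true.
            // unauthenticated(...) matches the two-argument constructor: isAuthenticated() == false,
            // so the authorization step would still reject the request.
            Authentication auth = UsernamePasswordAuthenticationToken.authenticated(
                    "dad", null, AuthorityUtils.createAuthorityList("ROLE_USER"));
            // Build a fresh context rather than mutating one that may be shared.
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(auth);
            SecurityContextHolder.setContext(context);
        }
        chain.doFilter(request, response);
    }
}
```

The credentials argument is `null` here because nothing downstream needs the password once the header has been verified.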