如何解决Spring Security 在 REST 问题中记住我
我想在登录时使用 remember-me。但它不起作用,我不知道该怎么办。前端由 Vue.js 开发,我由 Spring Boot 开发后端,因此 Login api 具有自定义身份验证过滤器以通过 JSON 发送数据。即使'alwaysRemember' 设置为'true',cookie 也不会显示。
这是我的自定义身份验证过滤器。
public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
private boolean postOnly = true;
private HashMap<String,String> jsonRequest;
@Override
protected String obtainPassword(HttpServletRequest request) {
String passwordParameter = super.getpasswordParameter();
if(request.getHeader("Content-Type").equals(ContentType.APPLICATION_JSON.getMimeType())) {
return jsonRequest.get(passwordParameter);
}
return request.getParameter(passwordParameter);
}
@Override
protected String obtainUsername(HttpServletRequest request) {
String usernameParameter = super.getUsernameParameter();
if(request.getHeader("Content-Type").equals(ContentType.APPLICATION_JSON.getMimeType())) {
return jsonRequest.get(usernameParameter);
}
return request.getParameter(usernameParameter);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest request,HttpServletResponse response){
if(postOnly && !request.getmethod().equals("POST")) {
throw new AuthenticationServiceException("Authentication method not supported : " + request.getmethod());
}
if(request.getHeader("Content-Type").equals(ContentType.APPLICATION_JSON.getMimeType())) {
ObjectMapper objectMapper = new ObjectMapper();
try {
this.jsonRequest = (HashMap<String,String>) objectMapper.readValue(request.getReader().lines().collect(Collectors.joining()),new TypeReference<Map<String,String>>() {
});
} catch (IOException e) {
e.printstacktrace();
throw new AuthenticationServiceException("Request Content-Type(application/json) Parsing Error");
}
}
String username = obtainUsername(request);
String password = obtainPassword(request);
//String rememberMe = request.getParameter("remember-me");
if(username == null) username = "";
if(password == null) username = "";
username = username.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username,password);
setDetails(request,authRequest);
return this.getAuthenticationManager().authenticate(authRequest);
}
@Override
public void setPostOnly(boolean postOnly) {
this.postOnly = postOnly;
}
}
安全配置代码如下。
@Configuration
@EnableWebSecurity
@requiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final CustomOAuth2UserService customOAuth2UserService;
private final MemberService memberService;
private final DataSource dataSource;
private final RestAuthenticationEntryPoint restAuthenticationEntryPoint;
private final AuthFailureHandler authFailureHandler;
private final AuthSuccessHandler authSuccessHandler;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.mvcMatchers("/","/tour","/login","/check-email-token","/test","/tour-search","/tour-popular","/docs","/your-profile","/send-email","/email-login","/check-email-login","/login-link","/sign-up","/sign-up-oauth").permitAll()
.antMatchers("/valid-nickname/**","/valid-email/**").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/tour-detail/**").permitAll()
.anyRequest().authenticated();
http.oauth2Login()
.userInfoEndpoint()
.userService(customOAuth2UserService);
http.exceptionHandling()
.authenticationEntryPoint(restAuthenticationEntryPoint); // 인증 실패시 401
http.formLogin().disable();
http.logout()
.logoutSuccessUrl("/");
// 로그인 유지
String rememberKey = "remember_me";
http.rememberMe()
.key(rememberKey)
.rememberMeParameter(rememberKey)
.rememberMeCookieName(rememberKey)
.userDetailsService(memberService)
.alwaysRemember(true)
.tokenRepository(tokenRepository());
http.csrf().disable();
http.cors();
// Json
http.addFilterBefore(customAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class);
}
// Json
@Bean
public CustomAuthenticationFilter customAuthenticationFilter() throws Exception {
CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
try {
filter.setFilterProcessesUrl("/login");
filter.setAuthenticationManager(this.authenticationManagerBean());
filter.setUsernameParameter("email");
filter.setPasswordParameter("password");
filter.setAuthenticationSuccessHandler(authSuccessHandler);
//filter.setAuthenticationFailureHandler(authFailureHandler);
} catch (Exception e) {
e.printstacktrace();
}
return filter;
}
@Bean
public PersistentTokenRepository tokenRepository() {
JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
jdbcTokenRepository.setDataSource(dataSource);
return jdbcTokenRepository;
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.mvcMatchers("/node_modules/**")
.requestMatchers(PathRequest.toStaticResources().atCommonLocations());
}
}
当我通过 POSTMAN 测试 Login api 时,remember-me cookie 不存在。但是当我使用 Oauth2 登录时,它确实如此。
我在登录时阻止了重定向,但我想知道这是否与此有关。 (因为当我做 Oauth2 登录时,它被重定向)而且我很好奇如何在我的开发环境中使用记住我。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
