在我的spring boot应用程序中,我有一个用于登录的端点和一个用于注册的端点。进行所有注册后,可以正确创建新用户。
然后,如果我尝试使用刚刚创建的凭据登录,Postman将返回401未经授权错误。这些是我的控制器方法(先登录,然后注册):
@PostMapping(PathConstants.LOGIN_ACTION)
@ApiOperation("Login into Helios administrational console.")
@Override
public ResponseEntity<?> autenticate(@Valid @RequestBody LoginRequest request) {
System.out.println("Login");
System.out.println("Us psw " + request.getUsername() + " " + request.getPassword());
Authentication auth = authManager
.authenticate(new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));
System.out.println("Auth " + auth.toString());
SecurityContextHolder.getContext().setAuthentication(auth);
String token = jwtProvider.generateToken(auth);
System.out.println("TOken " + token);
return ResponseEntity.ok(new JwtAuthResponse(token));
}
@PostMapping(PathConstants.SIGNUP_ACTION)
@ApiOperation("Signup to Helios administrational console.")
@Override
public ResponseEntity<?> register(@Valid @RequestBody SignUpRequest request) {
sysdataUserService.createNewSysdataUser(request);
return ResponseEntity.ok().body(new DashboardResponse(true, "New sysdata user registered successfully."));
}
我在控制台“登录”和“ Us psw”上输入了正确的数据,但是在
之后Authentication auth = authManager
.authenticate(...)
不打印任何内容。我认为authenticate
方法存在问题,但是可能是什么问题?我该如何解决呢?这些是我的安全配置:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.POST, PathConstants.USER_AUTH +"/**", PathConstants.HELIOS+"/dashboard/**").permitAll()
.antMatchers(HttpMethod.GET, "/"+PathConstants.PROCESS_DEFINITION+"/**").permitAll()
.antMatchers(HttpMethod.POST, "/"+PathConstants.PROCESS_DEFINITION+"/**").permitAll()
.antMatchers(HttpMethod.GET, "/"+PathConstants.PROCESS_INSTANCE+"/**").permitAll()
.antMatchers(HttpMethod.POST, PathConstants.LOGIN_ACTION).permitAll()
//.anyRequest().authenticated()
.anyRequest().permitAll()
.and()
.exceptionHandling().authenticationEntryPoint(jwtAuthEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// custom jwt filter.
http.addFilterBefore(jwtAuthFilter(), UsernamePasswordAuthenticationFilter.class);
}
我添加了.antMatchers(HttpMethod.POST, PathConstants.LOGIN_ACTION).permitAll()
来尝试这种方式是否有效,但是我仍然有401。然后,我有了这些针对Cors的WebMvcConfigurations策略:
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/**")
.allowedOrigins("*")
.allowedMethods("HEAD", "OPTIONS", "GET", "POST", "PUT", "PATCH", "DELETE")
.allowedHeaders("Content-Type", "X-Requested-With", "accept", "Origin", "Access-Control-Request-Method",
"Access-Control-Request-Headers")
.exposedHeaders("Access-Control-Allow-Origin", "Access-Control-Allow-Credentials").maxAge(MAX_AGE);
//.allowCredentials(true).maxAge(MAX_AGE);
}
怎么了?
所有其他端点正常工作,但无法登录。