After obtaining the token, accessing the resource with the token still redirects to the form login page
Source: 7-1 Introduction to Spring Security Authorization
慕仙0385964
2017-10-26
2 answers
慕仙0385964
Asker
2017-10-26


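The token is obtained normally, but when I use the token to access the protected resource /order/1, with the bearer token value added in the header, it actually redirects to the form login page. It does not return the actual result.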
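AuthenticationProvider code:

```java
import java.util.Collection;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;

@Component
public class DifferAuthenticationProvider implements AuthenticationProvider {

    private Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private UserDetailsService userDetailService;

    /* (non-Javadoc)
     * @see org.springframework.security.authentication.AuthenticationProvider#authenticate(org.springframework.security.core.Authentication)
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // TODO Auto-generated method stub
        String username = authentication.getName(); // the username submitted by the form
        String password = (String) authentication.getCredentials(); // the password
        logger.info("用户名:" + username + ",密码:" + password);
        DifferUser userInfo = (DifferUser) userDetailService.loadUserByUsername(username);
        if (userInfo == null) {
            throw new BadCredentialsException("用户不存在");
        }
        Md5PasswordEncoder md5PasswordEncoder = new Md5PasswordEncoder();
        String encodePwd = md5PasswordEncoder.encodePassword(password, username);
        logger.info("加密后的密码:" + encodePwd);
        logger.info("用户的密码:" + userInfo.getPassword());
        if (!encodePwd.equals(userInfo.getPassword())) {
            throw new BadCredentialsException("密码不正确");
        }
        Collection<? extends GrantedAuthority> authorities = userInfo.getAuthorities();
        return new UsernamePasswordAuthenticationToken(userInfo, password, authorities);
    }

    /* (non-Javadoc)
     * @see org.springframework.security.authentication.AuthenticationProvider#supports(java.lang.Class)
     */
    @Override
    public boolean supports(Class<?> authentication) {
        // TODO Auto-generated method stub
        return true;
    }
}
```

WebSecurityConfig code:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
@Order(2)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationProvider provider;

    /**
     * Override the default configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login/form")
                .permitAll()
                .and()
            .logout()
                .permitAll()
                .and()
            .authorizeRequests()
                .antMatchers("/", "/public", "/login.html", "/oauth/*").permitAll()
                .anyRequest().authenticated()
                .and()
            .csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(provider);
    }
}
```

ResourceConfig code:

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
@Order(6)
public class DifferResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId("order").stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        System.out.println("====================ResourceServerConfiguration.configure(HttpSecurity http)");
        // @formatter:off
        http
            // Since we want the protected resources to be accessible in the UI as well we need
            // session creation to be allowed (it's disabled by default in 2.0.6)
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
            .and()
            .requestMatchers()
                .antMatchers("/order/*")
            .and()
            .authorizeRequests()
                .antMatchers("/me", "/product/*").authenticated();
        // @formatter:on
    }
}
```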
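Why the redirect happens, as an added example that is not part of the thread: Spring Security hands each request to the first filter chain, in `@Order` sequence, whose request matcher accepts it, and the posted `WebSecurityConfig` has no matcher, so it accepts `/order/1` too. The sketch assumes the form-login chain should handle everything except `/order/*`; the `NegatedRequestMatcher` line is the only change to the posted class.

```java
// Added example, not the asker's code. Only the requestMatcher(...) call is new;
// the rest repeats the WebSecurityConfig posted above.
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.NegatedRequestMatcher;

@Configuration
@EnableWebSecurity
@Order(2)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationProvider provider;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // With no request matcher this chain accepts every URL, and at
            // @Order(2) it is consulted before the resource server chain, so
            // /order/1 gets the form-login redirect. Excluding /order/* lets
            // the request fall through to the chain that reads the bearer token.
            .requestMatcher(new NegatedRequestMatcher(new AntPathRequestMatcher("/order/*")))
            .formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login/form")
                .permitAll()
                .and()
            .logout()
                .permitAll()
                .and()
            .authorizeRequests()
                .antMatchers("/", "/public", "/login.html", "/oauth/*").permitAll()
                .anyRequest().authenticated()
                .and()
            .csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(provider);
    }
}
```

In the posted resource server configuration the `authorizeRequests()` rules name `/me` and `/product/*` while the chain matches only `/order/*`; adding `.antMatchers("/order/*").authenticated()` there is what makes the token mandatory for that path.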
JoJo
2017-10-26

