我正在使用spring-boot(使用JWT和spring security),并且在spring-boot中使用以下代码有一个类configSecurity:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().antMatchers("/login/**").permitAll();
http.authorizeRequests().antMatchers(HttpMethod.GET,"/ListProjects/**").hasAuthority("ADMIN");
http.authorizeRequests().anyRequest().authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());
http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll(); //allow CORS option calls
http.addFilter(new JWTAuthenticationFilter(authenticationManager()));
http.addFilterBefore(new JWTAutorizationFilter(), UsernamePasswordAuthenticationFilter.class);
}
还有一个类:JWTAuthenticationFilter.java,它包含contsructor:
@Autowired
public JWTAuthenticationFilter(AuthenticationManager authenticationManager)
{
this.authenticationManager = authenticationManager;
}
我的目标是更改securityConfig中的行:
http.addFilter(new JWTAuthenticationFilter(authenticationManager()));
变成这样的东西:
http.addFilter(jwtAuthenticationFilter.SetJWTAuthenticationFilter(authenticationManager());
所以我在SecurityConfig类中添加了Annocation @Autoweird,如下所示:
@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;
所以我不知道如何在JWTAuthenticationFilter.java中制作此方法,
我做了这样的事情:
@Autowired
public JWTAuthenticationFilter SetJWTAuthenticationFilter(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
return // (1)
}
(1):那么在这种情况下我应该返回什么?我不想使用诸如新的JWTAuthenticationFilter()之类的东西。,有什么主意吗?还是我没有以正确的方式来做..?
编辑
添加这些更改后,我无法对用户进行身份验证,因此无法获取每个用户的令牌,我认为问题与新类有关,我添加了新类,该类实现了返回null的方法
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@Configuration
public class CustomAuthManager implements AuthenticationManager {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
return null;
}
}
任何想法 ??
最佳答案
那部分代码
@Autowired
public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
意味着如果将
JWTAuthenticationFilter
创建为Spring组件(而不是通过调用new
),则AuthenticationManager
将自动自动连接到该类中,并且您无需运行任何类型的setter。您的
authenticationManager()
方法在做什么?如果仅创建@Bean
的新AuthenticationManager
,则可以在单独的类中进行操作,它将自动自动连接到JWTAuthenticationFilter
。可能的解决方案:
1.创建课程:
@Configuration
public class CustomAuthManager implements AuthenticationManager {
...
}
2.添加到
SecurityConfig
:@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;
并使用
http.addFilter(jwtAuthenticationFilter);
3.保持
JWTAuthenticationFilter
不变。