毕业设计Spring boot问题记录（后端三)：springSecurity 登录时账号密码正确后，总是重定向至登陆页面，定义successHandler配置失效

原创博文，欢迎转载，转载时请务必附上博文链接，感谢您的尊重

kzhi报错信息

POSTMAN调试结果

控制台信息

2022-05-08 19:58:32.530  INFO 8160 --- [  restartedMain] o.s.s.web.DefaultSecurityFilterChain     : Will secure any request with [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@65d384e, org.springframework.security.web.context.SecurityContextPersistenceFilter@317e4a2, org.springframework.security.web.header.HeaderWriterFilter@214835cd, org.springframework.web.filter.CorsFilter@570a37ca, org.springframework.security.web.authentication.logout.LogoutFilter@786053d8, com.vuespringboot.security.CaptchaFilter@7f75cab1, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@51c74690, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@7037ac0d, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@e1c3ba8, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@106716fd, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3073de47, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5dda6c1f, org.springframework.security.web.session.SessionManagementFilter@2357f9c, org.springframework.security.web.access.ExceptionTranslationFilter@50887324, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@5027ebc0]
2022-05-08 19:58:32.662  INFO 8160 --- [  restartedMain] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'applicationTaskExecutor'
2022-05-08 19:58:33.071  INFO 8160 --- [  restartedMain] o.s.b.d.a.OptionalLiveReloadServer       : LiveReload server is running on port 35729
2022-05-08 19:58:33.120  INFO 8160 --- [  restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8089 (http) with context path ''
2022-05-08 19:58:33.130  INFO 8160 --- [  restartedMain] c.v.VuespringbootSpringbootApplication   : Started VuespringbootSpringbootApplication in 4.605 seconds (JVM running for 5.965)
2022-05-08 19:58:37.308  INFO 8160 --- [nio-8089-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-05-08 19:58:37.309  INFO 8160 --- [nio-8089-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2022-05-08 19:58:37.310  INFO 8160 --- [nio-8089-exec-1] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2022-05-08 19:58:39.227 ERROR 8160 --- [nio-8089-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

java.lang.IllegalArgumentException: Base64-encoded key bytes may only be specified for HMAC signatures.  If using RSA or Elliptic Curve, use the signWith(SignatureAlgorithm, Key) method instead.
	at io.jsonwebtoken.lang.Assert.isTrue(Assert.java:38) ~[jjwt-0.9.1.jar:0.9.1]
	at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:98) ~[jjwt-0.9.1.jar:0.9.1]
	at com.vuespringboot.utils.JwtUtils.generateToken(JwtUtils.java:33) ~[classes/:na]
	at com.vuespringboot.security.LoginSuccessHandler.onAuthenticationSuccess(LoginSuccessHandler.java:31) ~[classes/:na]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(AbstractAuthenticationProcessingFilter.java:321) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:232) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.1.jar:5.4.1]
	at com.vuespringboot.security.CaptchaFilter.doFilterInternal(CaptchaFilter.java:43) ~[classes/:na]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.4.1.jar:5.4.1]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) ~[spring-web-5.3.1.jar:5.3.1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.1.jar:5.3.1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.1.jar:5.3.1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.1.jar:5.3.1]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) ~[spring-web-5.3.1.jar:5.3.1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:542) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_332]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_332]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-9.0.39.jar:9.0.39]
	at java.lang.Thread.run(Thread.java:750) [na:1.8.0_332]

主要报错信息行

2022-05-08 19:58:39.227 ERROR 8160 --- [nio-8089-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

报错类型方法

Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
前端网络 302 重定向

探索解决

百度了特别久，试了各种办法都不管用。例如：“编译出错”和“Controllor 层引入的 Service 接口上面忘记写 @Resource 或 @Autowired 注解”，但是这两种错误，intell IDEA早就报错了，我也仔细对照过了，基本上是不可能有这样的问题的。

百度的意思

第一种说法

出现这个错误的原因，可能是因为后端接收前端信息时，自动将一些变量的名字格式化了，例如，前端的"user_role"将会被后端security自动解析替换为"userRole"等等，可能会导致后端接收不到参数，从而导致后端返回登录页。
原文链接1来自博主 APPTI
但是，我反复确认了前后端的参数相一致的问题。

第二种说法

出现这个错误，也可能是Controllor 层调用的方法是 private 私有的，导致分发失败。然后我就去检查了我的Controlllor层的文件，反复确认了都是public的共有的（后来我才知道，可能因为我安装了插件，IDEA会对private报错，白折腾了）
原文链接2 来自博主 Java Punk

那如果不是这样的错误，那是为什么呢？我简直抠破了我的小脑袋……

最终解决方法

实在走投无路，我去翻JJWT的使用手册，但是我英语本来就不是很好，手册又是一堆看不出直接意思的单词组合，看的我一个头两个大……
走投无路，我就去翻看简书上有没有中文的大佬注解，还真让我找到了JJWT原理及使用，于是我兴奋的开始浏览JJWT的手册，然后我看到了这句话：

似乎官网给的例子和我写的代码有些不一样，这里贴一下我的代码：

Jwts.builder()
                .setHeaderParam("type", "JWT")
                .setSubject(username)
                .setIssuer("Alpine")
                .setIssuedAt(nowDate)
                .setExpiration(expirDate) // 7天过期.
                .signWith(SignatureAlgorithm.ES512, this.secret)
                .compact();

我盯着这两个页面看了好久，256和512是最吸引的眼睛的两个地方，然后我就去搜了一些这几个参数的区别，终于啊，不容易啊，我终于找到了我的错误地方——SignatureAlgorithm后的参数，我用的是ES512，这里应该改成HS512，如下：

.signWith(SignatureAlgorithm.ES512, this.secret)
.signWith(SignatureAlgorithm.HS512, this.secret)

Jwts.builder()
                .setHeaderParam("type", "JWT")
                .setSubject(username)
                .setIssuer("Alpine")
                .setIssuedAt(nowDate)
                .setExpiration(expirDate) // 7天过期.
                .signWith(SignatureAlgorithm.HS512, this.secret)
                .compact();

结语

一个字母的差别，就卡了我整整一天，可想而知，这些编译器不报错，在运行时也不报错，但是由于一些差异导致的跳转链接，多么的折磨人。总的来说，也是因为我对Security的底层逻辑不熟悉，导致我不能准确的分析错误的地点与原因，只能找到直接原因，没有方法分析出根本原因。
在以后的毕设过程中，还是应该要多学多问啊！