直接访问spring security4的登录接口,用postman能登录成功,改为谷歌浏览器访问则参数无法获取。
原因:btainUsername(request)或request.getParameter("xxx")只能接收表单数据,不能接收json/text数据。
解决办法:
1,获取请求体。JWTAuthenticationFilter类如下
package com.example.securitydemoserver.config.jwt
import com.alibaba.fastjson.JSONObject
import com.example.securitydemoserver.config.req.HttpRequestUtil
import org.slf4j.LoggerFactory
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.AuthenticationException
import org.springframework.security.core.userdetails.User
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import javax.servlet.FilterChain
import javax.servlet.ServletRequest
import javax.servlet.ServletResponse
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
/*获取用户登录信息,只需创建一个token并调用,认证*/
class JWTAuthenticationFilter: UsernamePasswordAuthenticationFilter {
companion object{
var token="";
}
private var log = LoggerFactory.getLogger(this.javaClass)
constructor(authenticationManager: AuthenticationManager){
this.authenticationManager=authenticationManager
}
/*接受并解析用户凭证*/
override fun attemptAuthentication(request: HttpServletRequest, response: HttpServletResponse?): Authentication {
// val username=obtainUsername(request)//只支持表单提交,传过来的数据为json获取的值为null
// val password = obtainPassword(request)
//获取请求体
val body = HttpRequestUtil.getBodyContent(request).toString()
val map = JSONObject.parse(body) as Map<String,Any>;
return authenticationManager.authenticate(UsernamePasswordAuthenticationToken(map["username"],map["password"]))
}
//认证成功后设置返回头******************************
override fun successfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?, chain: FilterChain?, authResult: Authentication?) {
val user=authResult!!.principal as User
token= JwtTokenUtils().createToken(user.username.toString(),true)
response!!.setHeader("token", JwtTokenUtils().Token_Prefix + " "+token)
// response!!.setHeader("Access-Control-Allow-Origin",request!!.getHeader("Origin"))
// response!!.setHeader("Access-Control-Allow-Credentials","true")
}
override fun unsuccessfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?, failed: AuthenticationException?) {
response!!.writer.write("authentication failed, reason: " + failed!!.message)
}
override fun doFilter(req: ServletRequest?, res: ServletResponse?, chain: FilterChain?) {
println("doFilter被执行了!")
super.doFilter(req, res, chain)
}
}
HttpRequestUtil 类:
package com.example.securitydemoserver.config.req;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
@Component
public class HttpRequestUtil {
public static String getBodyContent(HttpServletRequest request) throws IOException {
StringBuilder sb = new StringBuilder();
try (InputStream inputStream = request.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8")))) {
String line;
while ((line = reader.readLine()) != null) {
sb.append(line);
}
inputStream.close();
reader.close();
} catch (IOException e) {
e.printStackTrace();
}
return sb.toString();
}
}
问题解决。