springsecurity4+JWT+vue+axios無法獲取用戶名和密碼，前後端分離。

 

直接訪問spring security4的登錄接口，用postman能登錄成功，改爲谷歌瀏覽器訪問則參數無法獲取。

原因：btainUsername(request)或request.getParameter("xxx")只能接收表單數據，不能接收json/text數據。

解決辦法：

1，獲取請求體。JWTAuthenticationFilter類如下

package com.example.securitydemoserver.config.jwt

import com.alibaba.fastjson.JSONObject
import com.example.securitydemoserver.config.req.HttpRequestUtil
import org.slf4j.LoggerFactory
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.AuthenticationException
import org.springframework.security.core.userdetails.User
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import javax.servlet.FilterChain
import javax.servlet.ServletRequest
import javax.servlet.ServletResponse
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

/*獲取用戶登錄信息，只需創建一個token並調用,認證*/
class JWTAuthenticationFilter: UsernamePasswordAuthenticationFilter {
    companion object{
        var token="";
    }
    private var log = LoggerFactory.getLogger(this.javaClass)
    constructor(authenticationManager: AuthenticationManager){
        this.authenticationManager=authenticationManager
    }
    /*接受並解析用戶憑證*/
    override fun attemptAuthentication(request: HttpServletRequest, response: HttpServletResponse?): Authentication {
//        val username=obtainUsername(request)//只支持表單提交，傳過來的數據爲json獲取的值爲null
//        val password = obtainPassword(request)
        //獲取請求體
        val body = HttpRequestUtil.getBodyContent(request).toString()
        val map = JSONObject.parse(body) as Map<String,Any>;
        return authenticationManager.authenticate(UsernamePasswordAuthenticationToken(map["username"],map["password"]))
    }
    //認證成功後設置返回頭******************************
    override fun successfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?, chain: FilterChain?, authResult: Authentication?) {
        val user=authResult!!.principal as User
        token= JwtTokenUtils().createToken(user.username.toString(),true)
        response!!.setHeader("token", JwtTokenUtils().Token_Prefix + " "+token)
//        response!!.setHeader("Access-Control-Allow-Origin",request!!.getHeader("Origin"))
//        response!!.setHeader("Access-Control-Allow-Credentials","true")
    }

    override fun unsuccessfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?, failed: AuthenticationException?) {
        response!!.writer.write("authentication failed, reason: " + failed!!.message)
    }

    override fun doFilter(req: ServletRequest?, res: ServletResponse?, chain: FilterChain?) {
        println("doFilter被執行了！")
        super.doFilter(req, res, chain)
    }

}

HttpRequestUtil 類： 

package com.example.securitydemoserver.config.req;

import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;

@Component
public class HttpRequestUtil {
    public static String getBodyContent(HttpServletRequest request) throws IOException {
        StringBuilder sb = new StringBuilder();
        try (InputStream inputStream = request.getInputStream();
             BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8")))) {
            String line;
            while ((line = reader.readLine()) != null) {
                sb.append(line);
            }
            inputStream.close();
            reader.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return sb.toString();
    }
}

問題解決。