直接訪問spring security4的登錄接口,用postman能登錄成功,改爲谷歌瀏覽器訪問則參數無法獲取。
原因:btainUsername(request)或request.getParameter("xxx")只能接收表單數據,不能接收json/text數據。
解決辦法:
1,獲取請求體。JWTAuthenticationFilter類如下
package com.example.securitydemoserver.config.jwt
import com.alibaba.fastjson.JSONObject
import com.example.securitydemoserver.config.req.HttpRequestUtil
import org.slf4j.LoggerFactory
import org.springframework.security.authentication.AuthenticationManager
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.AuthenticationException
import org.springframework.security.core.userdetails.User
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
import javax.servlet.FilterChain
import javax.servlet.ServletRequest
import javax.servlet.ServletResponse
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
/*獲取用戶登錄信息,只需創建一個token並調用,認證*/
class JWTAuthenticationFilter: UsernamePasswordAuthenticationFilter {
companion object{
var token="";
}
private var log = LoggerFactory.getLogger(this.javaClass)
constructor(authenticationManager: AuthenticationManager){
this.authenticationManager=authenticationManager
}
/*接受並解析用戶憑證*/
override fun attemptAuthentication(request: HttpServletRequest, response: HttpServletResponse?): Authentication {
// val username=obtainUsername(request)//只支持表單提交,傳過來的數據爲json獲取的值爲null
// val password = obtainPassword(request)
//獲取請求體
val body = HttpRequestUtil.getBodyContent(request).toString()
val map = JSONObject.parse(body) as Map<String,Any>;
return authenticationManager.authenticate(UsernamePasswordAuthenticationToken(map["username"],map["password"]))
}
//認證成功後設置返回頭******************************
override fun successfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?, chain: FilterChain?, authResult: Authentication?) {
val user=authResult!!.principal as User
token= JwtTokenUtils().createToken(user.username.toString(),true)
response!!.setHeader("token", JwtTokenUtils().Token_Prefix + " "+token)
// response!!.setHeader("Access-Control-Allow-Origin",request!!.getHeader("Origin"))
// response!!.setHeader("Access-Control-Allow-Credentials","true")
}
override fun unsuccessfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?, failed: AuthenticationException?) {
response!!.writer.write("authentication failed, reason: " + failed!!.message)
}
override fun doFilter(req: ServletRequest?, res: ServletResponse?, chain: FilterChain?) {
println("doFilter被執行了!")
super.doFilter(req, res, chain)
}
}
HttpRequestUtil 類:
package com.example.securitydemoserver.config.req;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
@Component
public class HttpRequestUtil {
public static String getBodyContent(HttpServletRequest request) throws IOException {
StringBuilder sb = new StringBuilder();
try (InputStream inputStream = request.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8")))) {
String line;
while ((line = reader.readLine()) != null) {
sb.append(line);
}
inputStream.close();
reader.close();
} catch (IOException e) {
e.printStackTrace();
}
return sb.toString();
}
}
問題解決。