我正在开发一个RESTful Web服务并已登录工作。我想补充的安全和访问令牌,所以我说一个UserDetailsService
,如下图所示:弹簧安全loadByUsername的用户名字段为空
@Component
public class CustomLoginAuthenticationProvider implements UserDetailsService {
@Autowired
private BusinessUserService businessUserService;
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
if(email == null || email.isEmpty() || !email.contains("@")) {
System.out.println("ERROR - THIS IS THE USERNAME:" + email);
throw new UsernameNotFoundException(email);
}
//... More below, but it doesn't matter. Exception thrown every time
}
然而,电子邮件字符串是空的。我不明白为什么,因为我很难明确何时调用此方法以及发送什么值作为此方法的参数,因为这是发送JSON的REST后端。这是我的WebSecurityConfigurerAdapter
设置:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Bean
public CustomLoginAuthenticationProvider customLoginAuthenticationProvider() {
return new CustomLoginAuthenticationProvider();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**", "/js/**", "/images/**", "/fonts/**",
"/videos/**", "/", "/register", "/login", "/about",
"/contact", "/test")
.permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.usernameParameter("email")
.passwordParameter("password")
.and()
.logout()
.logoutSuccessUrl("/")
.permitAll()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class);
}
}
我指定的电子邮件应该当我使用.usernameParameter("email")
,所以我真的不知道为什么它不填充email参数发送至方法。我在前端使用AngularJS,并使用JSON将凭证发送到后端。
你可以把你的登录表单吗? –