问题描述
我尝试了在Internet上找到的所有方法,但都无法正常工作。 如找不到用户的错误,请不要调用我自定义的AuthenticationEntryPoint。 它永远不会被调用。 它永远不会被调用。 它永远不会被调用。 它永远不会被调用。 它永远不会被调用。 它永远不会被调用。 它永远不会被调用。 它永远不会被调用。 它永远不会被调用。
我的oauth配置
@Configuration
@EnableAuthorizationServer
public class OAuthConfig extends AuthorizationServerConfigurerAdapter {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private ClientDetailsService clientService;
@Autowired
private RedisConnectionFactory connectionFactory;
@Autowired
private WebResponseExceptionTranslator customWebResponseExceptionTranslator;
@Bean
public TokenStore tokenStore() {
return new RedisTokenStore(connectionFactory);
}
@Bean
public JwtAccesstokenConverter jwtAccesstokenConverter() {
return new JwtAccesstokenConverter() {
@Override
public OAuth2Accesstoken enhance(OAuth2Accesstoken accesstoken,OAuth2Authentication authentication) {
Map<String,Object> infoMap = new HashMap<>();
if (authentication.getUserAuthentication() != null) {
String userName = authentication.getUserAuthentication().getName();
User user = (User) authentication.getUserAuthentication().getPrincipal();
infoMap.put("userName",userName);
infoMap.put("roles",user.getAuthorities());
} else {
infoMap.put("userName",authentication.getoAuth2Request().getClientId());
infoMap.put("roles",authentication.getoAuth2Request().getAuthorities());
}
((DefaultOAuth2Accesstoken) accesstoken).setAdditional@R_108_4045@ion(infoMap);
return super.enhance(accesstoken,authentication);
}
};
}
@Override
public void configure(AuthorizationServerSecurityConfigurer security) {
security
.tokenKeyAccess("permitAll()")
.checkTokenAccess("isAuthenticated()")
.allowFormAuthenticationForClients()
.authenticationEntryPoint(new AuthExceptionEntryPoint());
}
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
endpoints
.authenticationManager(authenticationManager)
.accesstokenConverter(jwtAccesstokenConverter())
.tokenStore(tokenStore())
.exceptionTranslator(customWebResponseExceptionTranslator);
}
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(clientService);
}
}
我的资源配置
@Configuration
@EnableResourceServer
public class ResourceConfig extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().permitAll().and()
.exceptionHandling().authenticationEntryPoint(new AuthExceptionEntryPoint());
}
}
我的安全配置
@Configuration
@EnableWebSecurity(debug = true)
@EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public UserDetailsService userDetailsService() {
return new UserService();
}
@Bean
public UserDetailsService mobileUserDetailsService() {
return new MobileService();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
private JzLoginFailureHandler loginFailureHandler;
@Autowired
private JzLoginSuccessHandler loginSuccessHandler;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(mobileAuthenticationProvider());
auth.authenticationProvider(daoAuthenticationProvider());
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().authenticationEntryPoint(new AuthExceptionEntryPoint()).and()
.addFilterBefore(getMobileLoginAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS).permitAll()
.antMatchers("/actuator/**").permitAll()
.antMatchers("/v2/api-docs").permitAll()
.antMatchers("/swagger-resources/**").permitAll()
.antMatchers("/webjars/**").permitAll()
.antMatchers("/oauth/**").permitAll()
.antMatchers("/token").permitAll()
.antMatchers("/user").permitAll()
.anyRequest().authenticated().and()
.httpBasic().and()
.csrf().disable();
}
/**
* 手机验证码登陆过滤器
*
* @return
*/
@Bean
public MobileLoginAuthenticationFilter getMobileLoginAuthenticationFilter() {
MobileLoginAuthenticationFilter filter = new MobileLoginAuthenticationFilter();
try {
filter.setAuthenticationManager(this.authenticationManagerBean());
} catch (Exception e) {
e.printstacktrace();
}
filter.setAuthenticationSuccessHandler(loginSuccessHandler);
filter.setAuthenticationFailureHandler(loginFailureHandler);
return filter;
}
@Bean
public MobileAuthenticationProvider mobileAuthenticationProvider() {
MobileAuthenticationProvider provider = new MobileAuthenticationProvider();
provider.setUserDetailsService(mobileUserDetailsService());
provider.setHideUserNotFoundExceptions(false);
return provider;
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setUserDetailsService(userDetailsService());
provider.setHideUserNotFoundExceptions(false);
provider.setPasswordEncoder(passwordEncoder());
return provider;
}
}
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)