0
我的Spring引導應用程序具有以下Web安全配置。在Spring引導應用程序中實現註銷Rest API
@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AccountRepository accountRepository;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/login").permitAll()
.and()
.authorizeRequests()
.antMatchers("/signup").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout().logoutUrl("/logout").invalidateHttpSession(true)
.and()
// We filter the api/signup requests
.addFilterBefore(
new JWTSignupFilter("/signup", authenticationManager(), accountRepository),
UsernamePasswordAuthenticationFilter.class)
// We filter the api/login requests
.addFilterBefore(
new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// And filter other requests to check the presence of JWT in
// header
.addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
UsernamePasswordAuthenticationFilter.class);
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsServiceBean());
}
@Override
public UserDetailsService userDetailsServiceBean() throws Exception {
return new CustomUserDetailsService(accountRepository);
}
}
當一個客戶端發出POST
請求/logout
端點,服務器會拋出異常:
com.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input
at [Source: [email protected]; line: 1, column: 0]
at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3838) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3783) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2908) ~[jackson-databind-2.8.7.jar:2.8.7]
at com.boot.myapp.config.security.JWTLoginFilter.attemptAuthentication(JWTLoginFilter.java:32) ~[classes/:na]
,你可以看到,它試圖運行JWTLoginFilter
了一種方法,用於記錄在,但爲什麼?
編輯1
代碼JWTLoginFilter.java
:
public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {
public JWTLoginFilter(String url, AuthenticationManager authManager) {
super(new AntPathRequestMatcher(url));
setAuthenticationManager(authManager);
}
@Override
public Authentication attemptAuthentication(HttpServletRequest req,
HttpServletResponse res) throws AuthenticationException,
IOException, ServletException {
CustomUserDetails creds = new ObjectMapper().readValue(
req.getInputStream(), CustomUserDetails.class);
return getAuthenticationManager().authenticate(
new UsernamePasswordAuthenticationToken(creds.getUsername(),
creds.getPassword()));
}
@Override
protected void successfulAuthentication(HttpServletRequest req,
HttpServletResponse res, FilterChain chain, Authentication auth) {
TokenAuthenticationService.addAuthentication(res, auth.getName());
}
}
您可以從發佈一些JWTLoginFilter代碼?我懷疑它是用@filter註釋的,然後它被綁定到每個請求。你可能想要刪除它。 – Sarief
我更新了問題幷包含了'JWTLoginFilter'的代碼。我的代碼中沒有@filter註釋。顯然,它是綁定到每個請求,但。 –
我的建議是刪除登錄過濾器,看看它是否仍然存在。同時檢查JWTAuthenticationFilter是否擴展了登錄過濾器或smth,因爲它在任何地方都被使用。 – Sarief