2017-04-23 106 views
0

Implementing a logout REST API in a Spring Boot application

My Spring Boot application has the following web security configuration:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
@Configuration
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AccountRepository accountRepository;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/login").permitAll()
            .and()
            .authorizeRequests()
                .antMatchers("/signup").permitAll()
            .and()
            .authorizeRequests()
                .anyRequest().authenticated()
            .and()
            .logout().logoutUrl("/logout").invalidateHttpSession(true)
            .and()
            // We filter the api/signup requests
            .addFilterBefore(
                new JWTSignupFilter("/signup", authenticationManager(), accountRepository),
                UsernamePasswordAuthenticationFilter.class)
            // We filter the api/login requests
            .addFilterBefore(
                new JWTLoginFilter("/login", authenticationManager()),
                UsernamePasswordAuthenticationFilter.class)
            // And filter other requests to check the presence of JWT in
            // header
            .addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
                UsernamePasswordAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.userDetailsService(userDetailsServiceBean());
    }

    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return new CustomUserDetailsService(accountRepository);
    }
}

When a client sends a POST request to the /logout endpoint, the server throws an exception:

com.fasterxml.jackson.databind.JsonMappingException: No content to map due to end-of-input 
at [Source: [email protected]; line: 1, column: 0] 
    at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:270) ~[jackson-databind-2.8.7.jar:2.8.7] 
    at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:3838) ~[jackson-databind-2.8.7.jar:2.8.7] 
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3783) ~[jackson-databind-2.8.7.jar:2.8.7] 
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2908) ~[jackson-databind-2.8.7.jar:2.8.7] 
    at com.boot.myapp.config.security.JWTLoginFilter.attemptAuthentication(JWTLoginFilter.java:32) ~[classes/:na] 

As you can see, it tries to run a JWTLoginFilter method that is used for logging in, but why?

Edit 1

Code of JWTLoginFilter.java:

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {

    public JWTLoginFilter(String url, AuthenticationManager authManager) {
        // Matches the given path for any HTTP method
        super(new AntPathRequestMatcher(url));
        setAuthenticationManager(authManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req,
            HttpServletResponse res) throws AuthenticationException,
            IOException, ServletException {

        // Parse the JSON credentials from the request body
        CustomUserDetails creds = new ObjectMapper().readValue(
            req.getInputStream(), CustomUserDetails.class);

        return getAuthenticationManager().authenticate(
            new UsernamePasswordAuthenticationToken(creds.getUsername(),
                creds.getPassword()));
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest req,
            HttpServletResponse res, FilterChain chain, Authentication auth) {
        // Issue the JWT for the authenticated user
        TokenAuthenticationService.addAuthentication(res, auth.getName());
    }
}

+0

Can you post some of the JWTLoginFilter code? I suspect it is annotated with @Filter, and then it is bound to every request. You might want to remove that. – Sarief

+0

I updated the question and included the code of 'JWTLoginFilter'. There is no @Filter annotation in my code. Obviously it is bound to every request, though. –

+0

My suggestion is to remove the login filter and see if it still happens. Also check whether JWTAuthenticationFilter extends the login filter or something, since it is used everywhere. – Sarief

Answer

0

Apparently Spring Security automatically redirects to login?logout after logout, which activates the login filter. We can make the following change in the login filter's constructor:

public JWTLoginFilter(String url, AuthenticationManager authManager) {
    // Only match POST requests, so the GET redirect to /login?logout is ignored
    super(new AntPathRequestMatcher(url, "POST"));
    setAuthenticationManager(authManager);
}
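As an added example (this is not the asker's or answerer's code), the following shows both halves of the fix in one place: the login filter matches only POST and turns a malformed or empty body into an authentication error instead of a Jackson stack trace, and the logout endpoint is restricted to POST and answers 204 rather than redirecting, so a GET /login?logout never reaches the login filter at all. The class names StatelessJwtSecurityConfig, PostOnlyJwtLoginFilter and LoginRequest are assumptions for this example; the signup and JWT-header filters from the question are omitted.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Assumed name; a stateless variant of the question's WebSecurityConfig.
@EnableWebSecurity
@Configuration
class StatelessJwtSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            // The JWT travels in a header, so no server-side session is created.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
                .antMatchers("/login", "/signup").permitAll()
                .anyRequest().authenticated()
            .and()
            .logout()
                // Only POST /logout counts as a logout request.
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout", "POST"))
                // Answer 204 No Content instead of redirecting to /login?logout.
                .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.NO_CONTENT))
            .and()
            .addFilterBefore(new PostOnlyJwtLoginFilter("/login", authenticationManager()),
                             UsernamePasswordAuthenticationFilter.class);
    }
}

// Assumed name; login filter that matches only POST and validates the body.
class PostOnlyJwtLoginFilter extends AbstractAuthenticationProcessingFilter {

    // Constructed DTO for the JSON login body, standing in for CustomUserDetails.
    static class LoginRequest {
        public String username;
        public String password;
    }

    private final ObjectMapper mapper = new ObjectMapper();

    PostOnlyJwtLoginFilter(String url, AuthenticationManager authManager) {
        // GET /login (including the logout redirect) no longer matches this filter.
        super(new AntPathRequestMatcher(url, "POST"));
        setAuthenticationManager(authManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
            throws AuthenticationException, IOException, ServletException {
        String contentType = req.getContentType();
        if (contentType == null || !contentType.startsWith("application/json")) {
            throw new AuthenticationServiceException("login body must be application/json");
        }
        LoginRequest creds;
        try {
            creds = mapper.readValue(req.getInputStream(), LoginRequest.class);
        } catch (JsonProcessingException e) {
            // Covers the "No content to map due to end-of-input" case from the question.
            throw new AuthenticationServiceException("malformed or empty login body", e);
        }
        if (creds == null || creds.username == null || creds.password == null) {
            throw new AuthenticationServiceException("username and password are required");
        }
        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(creds.username, creds.password));
    }
    // successfulAuthentication (writing the JWT to the response) stays as in the question.
}
```

Two points worth knowing when reading this: with csrf() enabled, Spring Security already limits logoutUrl to POST, and it is the csrf().disable() in the question that lets the matcher accept any method, which is why an explicit POST matcher is needed here. And because the JWT is stateless, a server-side logout cannot revoke a token that has already been issued; the client must discard it, or the header-checking filter must consult a revocation list.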
