我正在開發一個RESTful Web服務並已登錄工作。我想補充的安全和訪問令牌,所以我說一個UserDetailsService
,如下圖所示:彈簧安全loadByUsername的用戶名字段爲空
@Component
public class CustomLoginAuthenticationProvider implements UserDetailsService {
@Autowired
private BusinessUserService businessUserService;
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
if(email == null || email.isEmpty() || !email.contains("@")) {
System.out.println("ERROR - THIS IS THE USERNAME:" + email);
throw new UsernameNotFoundException(email);
}
//... More below, but it doesn't matter. Exception thrown every time
}
然而,電子郵件字符串是空的。我不明白爲什麼,因爲我很難明確何時調用此方法以及發送什麼值作爲此方法的參數,因爲這是發送JSON的REST後端。這是我的WebSecurityConfigurerAdapter
設置:
@Configuration
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Bean
public CustomLoginAuthenticationProvider customLoginAuthenticationProvider() {
return new CustomLoginAuthenticationProvider();
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/css/**", "/js/**", "/images/**", "/fonts/**",
"/videos/**", "/", "/register", "/login", "/about",
"/contact", "/test")
.permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.exceptionHandling()
.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/"))
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.usernameParameter("email")
.passwordParameter("password")
.and()
.logout()
.logoutSuccessUrl("/")
.permitAll()
.and()
.csrf()
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
.and()
.addFilterAfter(new CsrfTokenFilter(), CsrfFilter.class);
}
}
我指定的電子郵件應該當我使用.usernameParameter("email")
,所以我真的不知道爲什麼它不填充email參數發送至方法。我在前端使用AngularJS,並使用JSON將憑證發送到後端。
你可以把你的登錄表單嗎? –