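Spring Security: replacing a filter fails

Symptoms and background of the problem

A custom UsernamePasswordAuthenticationFilter does not take effect in Spring Security 5.7.1.

Relevant code (please do not paste screenshots)

Implemented via WebSecurityConfigurerAdapter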

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    @Bean
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }
    // LoginFilter extends UsernamePasswordAuthenticationFilter
    @Bean
    public LoginFilter loginFilter() throws Exception {
        LoginFilter filter = new LoginFilter();
        filter.setFilterProcessesUrl("login");
//        filter.setUsernameParameter();
//        filter.setUsernameParameter();
        filter.setAuthenticationManager(authenticationManagerBean());
        filter.setAuthenticationSuccessHandler(new SuccessHandler());
        filter.setAuthenticationFailureHandler(new FailureHandler());
        return filter;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterAt(loginFilter(),UsernamePasswordAuthenticationFilter.class);
        http.authorizeRequests()
//                .antMatchers("/login/*").permitAll()
                .anyRequest().authenticated()
                .and().formLogin()//.loginPage("/login/login")
//                .passwordParameter("password")
//                .usernameParameter("username")
                .successHandler(new SuccessHandler())
                .failureHandler(new FailureHandler())
                .and()
                .logout()
//                .logoutRequestMatcher()
                .invalidateHttpSession(true)
                .clearAuthentication(true)
                .logoutSuccessHandler(new LogoutFailureHandler())
                .and().rememberMe()
                .rememberMeServices(rememberMeServices())
                .and().csrf().disable();
    }

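The code above should be fine, but for some reason the debugger does not go through the custom LoginFilter and instead hits the framework's original UsernamePasswordAuthenticationFilter, even though the first line of configure(HttpSecurity http) replaces the original filter.

Run results and error output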

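I set breakpoints in both, but execution only stopped in the original filter.

My approach and what I have tried

I'm really confused. I looked up a lot of approaches online, and they all replace the filter with the addFilterAt() method, but my code doesn't seem to have any problem either?

Because the form in the page that Spring Security generates for us still has its action set to /login. So if the custom filter changes the path, it will not intercept the request. addFilterAt does not actually replace the filter; the two coexist, and the one we define simply gets to intercept first.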
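
The coexistence described in the answer above, as an added example that is not part of the original thread and not Spring Security code: a plain-Java model of a chain holding both filters, showing which one claims the form's POST to /login for three values of the custom filter's URL. The record LoginFilterModel and the methods chain and handledBy are hypothetical names, and exact string comparison is an assumed stand-in for Spring's path matching.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model constructed for illustration (requires Java 16+ for records).
// It is not Spring Security code; it only mirrors the dispatch order discussed above.
public class FilterAtDemo {

    // A login filter claims a request only when its processing URL equals the path.
    record LoginFilterModel(String name, String processesUrl) {
        boolean matches(String path) {
            // Stand-in for AntPathRequestMatcher: the servlet path always starts
            // with "/", so a pattern written as "login" never equals "/login".
            return processesUrl.equals(path);
        }
    }

    // Models addFilterAt(custom, UsernamePasswordAuthenticationFilter.class) combined
    // with formLogin(): both filters end up in the chain, the custom one first.
    static List<LoginFilterModel> chain(String customUrl) {
        List<LoginFilterModel> filters = new ArrayList<>();
        filters.add(new LoginFilterModel("LoginFilter", customUrl));
        filters.add(new LoginFilterModel("UsernamePasswordAuthenticationFilter", "/login"));
        return filters;
    }

    // Walk the chain in order; the first filter whose matcher accepts the path
    // performs the authentication, the others just pass the request along.
    static String handledBy(List<LoginFilterModel> chain, String path) {
        for (LoginFilterModel f : chain) {
            if (f.matches(path)) {
                return f.name();
            }
        }
        return "none";
    }

    public static void main(String[] args) {
        // The generated login form posts to /login in every case.
        String formAction = "/login";
        // Case 1: the value from the question, without a leading slash.
        System.out.println("login    -> " + handledBy(chain("login"), formAction));
        // Case 2: the custom filter listens on a different path than the form uses.
        System.out.println("/doLogin -> " + handledBy(chain("/doLogin"), formAction));
        // Case 3: the custom filter listens on the same path as the form.
        System.out.println("/login   -> " + handledBy(chain("/login"), formAction));
    }
}
```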

Use addFilterBefore. I don't know where you found the idea of using addFilterAt. CSDN? Can you really rely on CSDN? It's copy and paste everywhere.

        http.addFilterBefore(loginFilter(), UsernamePasswordAuthenticationFilter.class);

Are you using a custom login page? If so, I think configuring it this way is a bit simpler than yours.

Does the OP want to use a local AuthenticationManager or the global one?