向日葵地址
哪位可以帮忙解决下?
org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource
at org.springframework.security.web.access.ExceptionTranslationFilter.handleAccessDeniedException(ExceptionTranslationFilter.java:199)
at org.springframework.security.web.access.ExceptionTranslationFilter.handleSpringSecurityException(ExceptionTranslationFilter.java:178)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:147)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:91)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:85)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:179)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82)
at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:227)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.wrapFilter(ObservationFilterChainDecorator.java:240)
at org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$0(ObservationFilterChainDecorator.java:323)
at org.springframework.security.web.ObservationFilterChainDecorator$ObservationFilter.doFilter(ObservationFilterChainDecorator.java:224)
at org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(ObservationFilterChainDecorator.java:137)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:143)
at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:642)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:410)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:340)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:277)
at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:359)
at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:222)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:391)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1740)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:833)
题主,这个问题我来替你解决,若有帮助,还望采纳,点击回答右侧采纳即可。
可能是你的 Spring Security 配置中没有配置将 token 添加到认证信息中,导致其他接口无法识别你的身份。
可以尝试如下操作:
以下是一个简单的 Spring Security 配置示例,假设 token 存储在请求头的 Authorization 字段中:
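/**
 * Spring Security configuration for an API that authenticates each request from a
 * bearer token in the {@code Authorization} header.
 *
 * <p>Written against {@code WebSecurityConfigurerAdapter}, which exists only up to
 * Spring Security 5.x; on 6.x the same rules are declared through a
 * {@code SecurityFilterChain} bean instead.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private JWTTokenFilter jwtTokenFilter;

    /**
     * Declares the HTTP rules: {@code /api/login} is open, every other request must be
     * authenticated, and the token filter runs before the username/password filter.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if the security DSL rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // CSRF protection is off. That is only sound when no cookie or server-side
            // session can authenticate a request, hence the stateless policy below.
            .csrf().disable()
            .sessionManagement()
                .sessionCreationPolicy(
                    org.springframework.security.config.http.SessionCreationPolicy.STATELESS)
                .and()
            .addFilterBefore(jwtTokenFilter, UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/api/login").permitAll()
                .anyRequest().authenticated();
    }

    /**
     * Wires the user lookup and the password encoder used for username/password login.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService)
            .passwordEncoder(passwordEncoder());
    }

    /** @return the BCrypt encoder used to verify stored password hashes */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes the adapter's {@link AuthenticationManager} as a bean so that other
     * components (for example a login endpoint) can inject it.
     *
     * @return the authentication manager built by this adapter
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}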
在上述示例中,JWTTokenFilter 是一个自定义的过滤器,在过滤器中从请求头中获取 token,并将 token 添加到认证信息中:
/**
 * Filter that looks for a bearer token in the {@code Authorization} header and, when
 * one is present, stores whatever {@code TokenService} resolves for it in the security
 * context before the rest of the chain runs.
 */
@Component
public class JWTTokenFilter extends OncePerRequestFilter {

    private static final String BEARER_PREFIX = "Bearer ";

    @Autowired
    private TokenService tokenService;

    /**
     * Resolves the bearer token, if any, and always continues the filter chain.
     *
     * <p>NOTE(review): what {@code tokenService.getAuthentication} returns or throws for
     * an invalid or expired token is not visible here; its result is stored as-is, so
     * token validation must happen inside that service. Confirm.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain filterChain) throws ServletException, IOException {
        String bearerToken = extractBearerToken(request.getHeader("Authorization"));
        if (bearerToken != null) {
            Authentication resolved = tokenService.getAuthentication(bearerToken);
            SecurityContextHolder.getContext().setAuthentication(resolved);
        }
        filterChain.doFilter(request, response);
    }

    /** Returns the header value without its "Bearer " prefix, or null when the prefix is absent. */
    private static String extractBearerToken(String headerValue) {
        if (headerValue == null || !headerValue.startsWith(BEARER_PREFIX)) {
            return null;
        }
        return headerValue.substring(BEARER_PREFIX.length());
    }
}
在上述示例中,TokenService 是一个自定义的服务,用于从缓存中获取用户信息和验证 token。可以根据具体情况进行实现。
要么
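1.application.properties文件添加配置参数
management.security.enabled=false
注意:management.security.enabled 是 Spring Boot 1.x 中关闭 Actuator 管理端点认证的开关,在 Spring Boot 2.0 之后已被移除;它不影响业务接口的认证,关闭后还会让管理端点无需登录即可访问,不建议用它来处理本问题。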
2.url需要设置放行才可以。如图:
引用 皆我百晓生 小程序回复内容作答:
根据提供的异常信息可以看出,访问其他接口时提示未登录,说明Token没有正确解析,或者认证信息没有正确存储在Security上下文中。可能的原因和解决方法如下:
验证Token解析是否正确:
确保Token信息正确存储在Security上下文中
JwtAuthenticationFilter
中,确保认证成功后将用户认证信息存储在Security上下文中,例如使用SecurityContextHolder.getContext().setAuthentication(authentication)
将认证信息存储在Security上下文中customerUserDetailsAuthenticationProvider
)正确返回用户认证信息检查请求是否满足Spring Security的认证要求
whitelist
)检查Spring Security的配置
SessionCreationPolicy 配置是否为 STATELESS,确保每个请求都不会创建 session。
JwtAuthenticationFilter 是否在 UsernamePasswordAuthenticationFilter 之前被添加到过滤器链中。
希望以上建议能帮助你解决问题。如果问题仍然存在,请提供更多关于Token生成、解析和存储以及请求访问其他接口的相关代码和配置,以便我们进行更深入的分析和帮助。
结合GPT给出回答如下请题主参考
根据提供的信息,看起来是您在登录成功后生成了一个 token,但在使用该 token 访问其他接口时提示未登录。这可能是因为您没有正确地配置 Spring Security 权限验证,导致访问时无法识别该 token。
以下是一些可能的排查步骤和建议:
确认您的 token 生成逻辑是否正确。您可以使用 Postman 或其他 REST 客户端工具测试生成的 token 是否能够成功访问某个需要登录验证的接口。
确认您的 Spring Security 配置是否正确,特别是验证 token 的部分。您可以在配置文件中添加如下代码:
// Declares the HTTP security rules: CSRF off, /api/** requires an authenticated user,
// and a JwtAuthenticationFilter instance runs before UsernamePasswordAuthenticationFilter.
// NOTE(review): only /api/** is matched in the visible lines; unless the elided part adds
// an anyRequest() rule, every other path is left without an access rule. Confirm.
// NOTE(review): the filter is created with `new`, so Spring injects nothing into it;
// any dependency it needs has to be passed in explicitly.
@Override
protected void configure(HttpSecurity http) throws Exception {
// ...
http
.csrf().disable() // CSRF protection is disabled; only appropriate when requests are authenticated by a header token and never by a cookie or session
.authorizeRequests()
.antMatchers("/api/**").authenticated() // endpoints that require a logged-in user
.and()
.addFilterBefore(new JwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
其中,JwtAuthenticationFilter
是您自己实现的过滤器,用于从请求中提取 token 并进行验证。
希望这些提示对您有所帮助,如果还有问题,请提供更多的上下文信息,例如报错信息、代码片段等。
请确保你已经正确配置了Spring Security,包括以下方面:
1、在Spring Security配置类上添加@EnableWebSecurity注解,以启用Web安全支持。
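2、确保你的配置类继承了WebSecurityConfigurerAdapter或SecurityConfigurerAdapter(注意:WebSecurityConfigurerAdapter 在 Spring Security 5.7 中已弃用、6.0 中已移除;题主堆栈里出现的 ObservationFilterChainDecorator 属于 6.x,这种情况下应改为声明 SecurityFilterChain 类型的 @Bean)。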
3、在你的配置类中重写configure(HttpSecurity http)方法,以自定义安全策略。
如果以上回答对您有所帮助,点击一下采纳该答案~谢谢
参考gpt4:
结合自己分析给你如下建议:
您的问题可能是由于您没有正确配置token的验证和解析的过滤器,导致Spring Security无法识别您的token,认为您是未认证的用户。
要解决这个问题,您需要在您的Security配置类中添加一个自定义的token过滤器,用于拦截请求,从请求头中获取token,调用认证管理器进行验证和解析,然后将认证信息保存到Security上下文中。
您可以参考以下的代码示例来实现一个简单的token过滤器:
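/**
 * Custom token filter: reads the {@code Authorization} header, asks the
 * {@link AuthenticationManager} to authenticate it, and stores a successful result in
 * the security context.
 */
public class TokenFilter extends OncePerRequestFilter {

    // Injected by Spring. The field stays null when the filter is created with `new`
    // outside the container, so the instance must be container-managed.
    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * Authenticates the request from its token, if one is present, then continues the
     * filter chain in every case.
     *
     * <p>A rejected token must not abort the request with an unhandled exception: the
     * context is cleared and the chain continues unauthenticated, so the access rules
     * further down answer with the normal "authentication required" response.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        // The raw header value, "Bearer " prefix included, is handed to the provider.
        String token = request.getHeader("Authorization");
        if (token != null && !token.isEmpty()) {
            try {
                Authentication authentication =
                        authenticationManager.authenticate(new TokenAuthentication(token));
                if (authentication != null && authentication.isAuthenticated()) {
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                }
            } catch (org.springframework.security.core.AuthenticationException rejected) {
                // authenticate() is declared to throw on failure; treat it as "not logged in".
                SecurityContextHolder.clearContext();
            }
        }
        filterChain.doFilter(request, response);
    }
}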
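/**
 * Custom {@link Authentication} that carries the raw token before verification and the
 * resolved principal and credentials afterwards.
 */
public class TokenAuthentication implements Authentication {

    private final String token;
    private boolean authenticated;
    private Object principal;
    private Object credentials;

    /**
     * @param token the raw header value to be verified by an authentication provider
     */
    public TokenAuthentication(String token) {
        this.token = token;
    }

    /**
     * Returns the principal's authorities when the principal is a {@code UserDetails},
     * otherwise an empty collection. Never returns null, which callers of
     * {@link Authentication#getAuthorities()} are entitled to rely on.
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        if (principal instanceof org.springframework.security.core.userdetails.UserDetails) {
            return ((org.springframework.security.core.userdetails.UserDetails) principal).getAuthorities();
        }
        return java.util.Collections.emptyList();
    }

    /** @return whatever was set through {@link #setCredentials(Object)}, or null */
    @Override
    public Object getCredentials() {
        return credentials;
    }

    /** @return always null; this token carries no request details */
    @Override
    public Object getDetails() {
        return null;
    }

    /** @return whatever was set through {@link #setPrincipal(Object)}, or null */
    @Override
    public Object getPrincipal() {
        return principal;
    }

    @Override
    public boolean isAuthenticated() {
        return authenticated;
    }

    // Any caller can flip this flag; only a provider that has verified the token should set it.
    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        this.authenticated = isAuthenticated;
    }

    /**
     * @return the username when the principal is a {@code UserDetails}, the principal's
     *     string form for any other principal, or null before a principal is set
     */
    @Override
    public String getName() {
        if (principal instanceof org.springframework.security.core.userdetails.UserDetails) {
            return ((org.springframework.security.core.userdetails.UserDetails) principal).getUsername();
        }
        return principal == null ? null : principal.toString();
    }

    /** @return the raw token passed to the constructor */
    public String getToken() {
        return token;
    }

    public void setPrincipal(Object principal) {
        this.principal = principal;
    }

    public void setCredentials(Object credentials) {
        this.credentials = credentials;
    }
}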
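/**
 * Custom provider for {@link TokenAuthentication}.
 *
 * <p>The token handling here only simulates verification: it treats the token as
 * {@code username.password} and compares the second segment with the stored password.
 * It is a stand-in to show where verification goes. A real implementation verifies a
 * signed token (for example a JWT) or looks up an opaque token, and never carries the
 * password in the token.
 */
public class TokenAuthenticationProvider implements AuthenticationProvider {

    private static final String BEARER_PREFIX = "Bearer ";

    // Injected by Spring; stays null if this provider is created with `new` outside the container.
    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Verifies a {@link TokenAuthentication}.
     *
     * @param authentication the request to verify
     * @return the same token marked authenticated with its principal set, or null when
     *     the request is not a {@code TokenAuthentication}, is malformed, or does not match
     * @throws AuthenticationException if the user lookup fails
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!(authentication instanceof TokenAuthentication)) {
            return null;
        }
        TokenAuthentication tokenAuthentication = (TokenAuthentication) authentication;
        String token = tokenAuthentication.getToken();
        if (token == null || !token.startsWith(BEARER_PREFIX)) {
            return null;
        }

        // A token without both segments used to index past the end of the array.
        String[] segments = token.substring(BEARER_PREFIX.length()).split("\\.");
        if (segments.length < 2) {
            return null;
        }
        String username = segments[0];
        // Simulated only: a password has no place inside a token.
        String password = segments[1];

        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        if (userDetails == null || userDetails.getPassword() == null) {
            return null;
        }
        // Constant-time comparison, so the time taken does not reveal how much of the value matched.
        boolean matches = java.security.MessageDigest.isEqual(
                password.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                userDetails.getPassword().getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!matches) {
            return null;
        }

        tokenAuthentication.setAuthenticated(true);
        tokenAuthentication.setPrincipal(userDetails);
        // Kept from the original example, which itself marks storing the password as insecure.
        tokenAuthentication.setCredentials(password);
        return tokenAuthentication;
    }

    /** @return true for {@link TokenAuthentication} and its subclasses */
    @Override
    public boolean supports(Class<?> authentication) {
        return TokenAuthentication.class.isAssignableFrom(authentication);
    }
}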
在您的Security配置类中,您需要将自定义的token过滤器和token认证提供者添加到配置中,例如:
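/**
 * Security configuration that plugs the custom token filter and token provider into
 * Spring Security.
 *
 * <p>Both collaborators rely on {@code @Autowired} fields, so they are declared as beans
 * here. Instances created with a bare {@code new} are never injected, and their
 * dependencies would be null on first use.
 *
 * <p>Written against {@code WebSecurityConfigurerAdapter}, which exists only up to
 * Spring Security 5.x.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // User lookup service, injected by Spring.
    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Container-managed token filter.
     *
     * <p>NOTE(review): under Spring Boot a Filter bean is presumably also registered with
     * the servlet container; OncePerRequestFilter keeps it to one run per request. Confirm.
     */
    @org.springframework.context.annotation.Bean
    public TokenFilter tokenFilter() {
        return new TokenFilter();
    }

    /** Container-managed token provider, so its UserDetailsService is injected. */
    @org.springframework.context.annotation.Bean
    public TokenAuthenticationProvider tokenAuthenticationProvider() {
        return new TokenAuthenticationProvider();
    }

    /** Exposes the adapter's authentication manager so the token filter can inject it. */
    @org.springframework.context.annotation.Bean
    @Override
    public org.springframework.security.authentication.AuthenticationManager authenticationManagerBean()
            throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Runs the token filter before the username/password filter and requires
     * authentication for every request.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // other configuration omitted in the original example
            .addFilterBefore(tokenFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .anyRequest().authenticated();
    }

    /** Registers the user lookup service and the token authentication provider. */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(userDetailsService)
            .and()
            .authenticationProvider(tokenAuthenticationProvider());
    }
}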
这是授权配置文件有问题吧
调试下你认证 token的过滤器,代码执行的流程与你预期的是否一样。
援引讯飞星火:
根据您提供的信息,问题可能出在您的 Spring Security 配置上。您可以尝试以下解决方案:
WebSecurityConfigurerAdapter
)已经正确配置了认证和授权规则。例如:@Configuration
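@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    /*
     * Authorization rules plus the user lookup service.
     * NOTE(review): nothing in this class registers a token filter or a login mechanism,
     * so on its own it does not authenticate a bearer token.
     */

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    /**
     * Opens {@code /public/**}, requires authentication everywhere else, and registers
     * the custom user lookup service.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if the security DSL rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/public/**").permitAll()
                .anyRequest().authenticated()
                .and()
            // apply(...) expects a SecurityConfigurerAdapter; a UserDetailsService is
            // registered through userDetailsService(...) instead.
            .userDetailsService(customUserDetailsService);
    }
}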
CustomUserDetailsService
实现是否正确。这个类负责加载用户信息并进行身份验证。例如:@Service
public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userRepository;

    /**
     * Loads the stored account for {@code username} and adapts it to Spring Security's
     * user type.
     *
     * <p>The returned user carries an empty authority list, so role-based rules can
     * never match it.
     *
     * @param username the login name to look up
     * @return the account's username and stored password with no authorities
     * @throws UsernameNotFoundException if the repository has no such account
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User account = userRepository.findByUsername(username);
        if (account != null) {
            String storedName = account.getUsername();
            String storedPassword = account.getPassword();
            return new org.springframework.security.core.userdetails.User(
                    storedName, storedPassword, new ArrayList<>());
        }
        throw new UsernameNotFoundException("用户不存在");
    }
}
AuthenticationFilter
已经正确实现了认证逻辑。例如:public class CustomAuthenticationFilter extends OncePerRequestFilter {
@Autowired
private CustomUserDetailsService customUserDetailsService;
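/**
 * Authenticates the request from a bearer JWT, when one is present, and always
 * continues the filter chain. Any parsing or lookup failure leaves the request
 * unauthenticated.
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    String token = request.getHeader("Authorization");
    if (token != null && token.startsWith("Bearer ")) {
        String jwt = token.substring(7);
        try {
            // parseClaimsJws verifies the signature before returning the claims, so the
            // claims are read from its result and never from the raw token text.
            // NOTE(review): "your-secret-key" is a placeholder; load the signing key
            // from protected configuration and keep it out of source.
            Claims claims = Jwts.parser().setSigningKey("your-secret-key").parseClaimsJws(jwt).getBody();
            // Assumes the token subject holds the numeric user id. Confirm against the token issuer.
            Long userId = Long.valueOf(claims.getSubject());
            // NOTE(review): loadUserById is not among the methods shown for CustomUserDetailsService.
            UserDetails userDetails = customUserDetailsService.loadUserById(userId);
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            SecurityContextHolder.getContext().setAuthentication(authentication);
        } catch (Exception e) {
            // Deliberate best effort: a bad signature, malformed subject or unknown user
            // all mean "not logged in".
            SecurityContextHolder.clearContext();
        }
    } else {
        SecurityContextHolder.clearContext();
    }
    filterChain.doFilter(request, response);
}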
}
SecurityConfig
类中的 apply(customUserDetailsService)
方法是否正确配置了自定义的 UserDetailsService
。【相关推荐】
首先,请确保您的登录流程正确无误,并且登录成功后能够正确地生成和存储 token。您可以使用 Spring Security 提供的登录功能,并在成功登录后获取 token。
其次,请确保您在访问其他接口时正确地传递了 token。您可以在每个需要身份验证的接口上添加认证和授权注解,例如 @Secured 或 @RolesAllowed,以确保只有具有正确权限的用户才能访问该接口。
另外,您还可以检查您的日志文件或控制台输出,查看是否有任何与身份验证相关的错误或警告信息。这些信息可能会帮助您确定问题所在。
远程连接地址发一下
登录地址:http://bw5dep.natappfree.cc/login
接口:http://bw5dep.natappfree.cc/system/role/search
你的问题主要是这块代码没有写好
// Builds the authentication token: the principal is the user serialized to a JSON string,
// the credentials are null, and the authorities are parsed from the comma-separated
// userAuthority string. The three-argument constructor marks the token as authenticated.
// NOTE(review): code that later reads getPrincipal() receives a String rather than a
// user object; confirm that is what the consumers expect.
UsernamePasswordAuthenticationToken t = new UsernamePasswordAuthenticationToken(JSON.toJSONString(user),
null, AuthorityUtils.commaSeparatedStringToAuthorityList(userAuthority));