spring安全在rest中记住我的问题

ojsjcaue  于 2021-07-23  发布在  Java
关注(0)|答案(0)|浏览(245)

我想用 remember-me 在我的登录中。但它不起作用,我不知道该怎么办。前端由vue.js开发,后端由spring boot开发,所以 Login api有自定义的身份验证过滤器,可以通过json发送数据。即使“alwaysremember”设置为“true”,也不会显示cookie。
这是我的自定义身份验证过滤器。

public class CustomAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private boolean postOnly = true;
    private HashMap<String, String> jsonRequest;

    @Override
    protected String obtainPassword(HttpServletRequest request) {
        String passwordParameter = super.getPasswordParameter();
        if(request.getHeader("Content-Type").equals(ContentType.APPLICATION_JSON.getMimeType())) {
            return jsonRequest.get(passwordParameter);
        }
        return request.getParameter(passwordParameter);
    }

    @Override
    protected String obtainUsername(HttpServletRequest request) {
        String usernameParameter = super.getUsernameParameter();
        if(request.getHeader("Content-Type").equals(ContentType.APPLICATION_JSON.getMimeType())) {
            return jsonRequest.get(usernameParameter);
        }
        return request.getParameter(usernameParameter);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response){

        if(postOnly && !request.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported : " + request.getMethod());
        }

        if(request.getHeader("Content-Type").equals(ContentType.APPLICATION_JSON.getMimeType())) {
            ObjectMapper objectMapper = new ObjectMapper();
            try {
                this.jsonRequest = (HashMap<String, String>) objectMapper.readValue(request.getReader().lines().collect(Collectors.joining()),
                        new TypeReference<Map<String, String>>() {
                        });
            } catch (IOException e) {
                e.printStackTrace();
                throw new AuthenticationServiceException("Request Content-Type(application/json) Parsing Error");
            }
        }

        String username = obtainUsername(request);
        String password = obtainPassword(request);
        //String rememberMe = request.getParameter("remember-me");

        if(username == null) username = "";
        if(password == null) username = "";
        username = username.trim();

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

        setDetails(request, authRequest);

        return this.getAuthenticationManager().authenticate(authRequest);
    }

    @Override
    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }
}

安全配置代码如下。

@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private final CustomOAuth2UserService customOAuth2UserService;
    private final MemberService memberService;
    private final DataSource dataSource;
    private final RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    private final AuthFailureHandler authFailureHandler;
    private final AuthSuccessHandler authSuccessHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .mvcMatchers("/","/tour", "/login", "/check-email-token", "/test", "/tour-search",
                       "/tour-popular", "/docs", "/your-profile", "/send-email",
                       "/email-login", "/check-email-login", "/login-link", "/sign-up", "/sign-up-oauth").permitAll()
                .antMatchers("/valid-nickname/**", "/valid-email/**").permitAll()
                .antMatchers("/login").permitAll()
                .antMatchers("/tour-detail/**").permitAll()
                .anyRequest().authenticated();
        http.oauth2Login()
                .userInfoEndpoint()
                .userService(customOAuth2UserService);
        http.exceptionHandling()
                .authenticationEntryPoint(restAuthenticationEntryPoint); // 인증 실패시 401
        http.formLogin().disable();
        http.logout()
                .logoutSuccessUrl("/");

        // 로그인 유지
        String rememberKey = "remember_me";
        http.rememberMe()
                .key(rememberKey)
                .rememberMeParameter(rememberKey)
                .rememberMeCookieName(rememberKey)
                .userDetailsService(memberService)
                .alwaysRemember(true)
                .tokenRepository(tokenRepository());

        http.csrf().disable();
        http.cors();

        // Json
       http.addFilterBefore(customAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);

    }

    // Json
    @Bean
    public CustomAuthenticationFilter customAuthenticationFilter() throws Exception {
        CustomAuthenticationFilter filter = new CustomAuthenticationFilter();
        try {
            filter.setFilterProcessesUrl("/login");
            filter.setAuthenticationManager(this.authenticationManagerBean());
            filter.setUsernameParameter("email");
            filter.setPasswordParameter("password");
            filter.setAuthenticationSuccessHandler(authSuccessHandler);
            //filter.setAuthenticationFailureHandler(authFailureHandler);
        } catch (Exception e) {
            e.printStackTrace();
        }

        return filter;
    }

    @Bean
    public PersistentTokenRepository tokenRepository() {
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource);
        return jdbcTokenRepository;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .mvcMatchers("/node_modules/**")
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }

}

当我测试的时候 Login Postman 的api remember-me cookie不存在。但是当我登录oauth2时,它会。
我在登录时阻止了重定向,但我想知道这是否与此有关(因为当我登录oauth2时,它会被重定向),我很好奇如何在我的开发环境中使用RememberMe。

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题