spring security自定义filter的问题

发布于 2022-09-01 20:00:19 字数 4284 浏览 14 评论 0

用spring boot建的项目。
现在想自定义一个filter,要求实现用户名,密码,公司id一起验证。
下面是我的代码,参考UsernamePasswordAuthenticationFilter写的。

//这个是filter
public class UsernamePasswordSubdomainAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

    protected UsernamePasswordSubdomainAuthenticationFilter() {
        super("/login");
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        String username = this.obtainUsername(httpServletRequest);
        String password = this.obtainPassword(httpServletRequest);
        String subdomain = this.obtainSubDomain(httpServletRequest);
        if(username == null) {
            username = "";
        }

        if(password == null) {
            password = "";
        }

        if(subdomain == null){
            subdomain = "";
        }
        username = username.trim();
        UsernamePasswordSubdomainAuthenticationToken authRequest = new UsernamePasswordSubdomainAuthenticationToken(username, password, subdomain);
        this.setDetails(httpServletRequest, authRequest);
        return this.getAuthenticationManager().authenticate(authRequest);
    }

    protected void setDetails(HttpServletRequest request, UsernamePasswordSubdomainAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }

    public String obtainUsername(HttpServletRequest request) {
        return request.getParameter("username");
    }

    public String obtainPassword(HttpServletRequest request) {
        return request.getParameter("password");
    }

    public String obtainSubDomain(HttpServletRequest request) throws MalformedURLException {
        URL url = new URL(request.getRequestURL().toString());
        String subDomain = url.getHost().split("\\.")[0];
        return subDomain;
    }
}
//这个是配置
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//    @Autowired
//    private UsernamePasswordSubdomainAuthenticationFilter usernamePasswordSubdomainAuthenticationFilter;

    @Bean
    public UsernamePasswordSubdomainAuthenticationFilter usernamePasswordSubdomainAuthenticationFilter() {
        System.out.println(this.authenticationManager);
        UsernamePasswordSubdomainAuthenticationFilter filer = new UsernamePasswordSubdomainAuthenticationFilter();
        filer.setAuthenticationManager(authenticationManager);
        return filer;
    }

//    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user")  // #1
                .password("pass")
                .roles("USER")
                .and()
                .withUser("admin") // #2
                .password("password")
                .roles("ADMIN","USER");
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
//        web
//                .ignoring()
//                .antMatchers("/resources/**"); // #3
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .addFilter(usernamePasswordSubdomainAuthenticationFilter())
                .formLogin().disable()
                .httpBasic().disable()
                .csrf()
                .disable();
    }
}

然后报了下面的错误

Caused by: java.lang.IllegalArgumentException: authenticationManager must be specified
    at org.springframework.util.Assert.notNull(Assert.java:112)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.afterPropertiesSet(AbstractAuthenticationProcessingFilter.java:164)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1633)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

原谅过去的我 2022-09-08 20:00:19

因为你没有给filter注入authenticationManager,authenticationManager可以从authentication-provider获取。

多像笑话 2022-09-08 20:00:19

私以为 如果你要用springSecurity 但是连整个验证流程 源码都没有摸透最好不要上 不然项目会一败涂地
多看下源码就明白了 你的问题报错已经说明白了 没有定义authenticationManager 。推荐一篇文章好好看看吧
http://www.liaozhida.net/springsecurity/springsecurity-%E7%AE%80%E5%8D%95%E6%8B%A6%E6%88%AA%E9%AA%8C%E8%AF%81uml%E5%9B%BE.html
SPRINGSECURITY 源码剖析–用户登录过程发生了什么

南渊 2022-09-08 20:00:19

请问你是只是去掉了<form—login>标签了吗?如何织入自定义的登录验证过滤器呢?希望可以交流。

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文