发表新帖
发表新帖

Changing the login service URL in spring security

后端 未结
关注
5 2152
攒了一身酷
攒了一身酷 2021-01-01 02:12

Hi I have implemented Spring security in my spring boot web application with JWT filters. But the default authentication is happening at url http://localhost:8080/logi

相关标签:
5条回答
  • 暖寄归人
    2021-01-01 02:32

    In your AuthenticationFilter you can call setFilterProcessesUrl during construction, example:

    public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

   private AuthenticationManager authenticationManager;

   public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
      this.authenticationManager = authenticationManager;

      setFilterProcessesUrl("/api/v1/tokens"); // <--- like this
   }

   ...

    Hope it helps.

    0 讨论(0)
  • 离开以前
    2021-01-01 02:35

    You need to provide the url to the login page and the url that would process the authentication. This can be done by overriding the method like this:

        @Override
    protected void configure( HttpSecurity http ) throws Exception
    {
        http.cors().and().csrf().disable().
        authorizeRequests().
        antMatchers(HttpMethod.POST, "/rest/auth/**").
        permitAll()           
       .antMatchers("/static/*").permitAll()  
       .antMatchers("/").permitAll()
       .and().formLogin().
       /*This is where the juice is*/
       loginPage("/login").loginProcessingUrl("/rest/auth/login")
       /* .anyRequest().authenticated() */.and()
       .addFilter(new JWTAuthenticationFilter(authenticationManager()))
       .addFilter(new JWTAuthorizationFilter(authenticationManager()));
        }

    The loginPage("/login") can be replaced with the route to your static login page while the loginProcessingUrl is the url of the controller that processes your login logic. Ensure that controllers exist for both /login and /loginProcesingUrl.

    0 讨论(0)
  • 无人共我
    2021-01-01 02:42

    In the configure method try to add loginProcessungUrl() method. You can set the value in the parameter

    .addFilter(new JWTAuthorizationFilter(authenticationManager()))
.loginProcessingUrl(LOGIN_URL);
    0 讨论(0)
  • 囚心锁ツ
    2021-01-01 02:48

    Modify "HttpSecurity", as follows, example:

    @Override
protected void configure( HttpSecurity http ) throws Exception {
http.cors().and().csrf().disable().authorizeRequests().antMatchers(HttpMethod.POST, "/rest/auth/**").permitAll()
        .antMatchers("/static/*").permitAll().antMatchers("/").permitAll()
        /* .anyRequest().authenticated() */
        .and()
             .formLogin()
             .loginPage("/login")
             .loginProcessingUrl("/rest/auth/login")
             .permitAll()
        .and()
             .logout()
             .permitAll();
        .and()
             .addFilter(new JWTAuthenticationFilter(authenticationManager()))
             .addFilter(new JWTAuthorizationFilter(authenticationManager()));
}
    0 讨论(0)
  • 有刺的猬
    2021-01-01 02:56

    You need to tweak the WebSecurityConfig.java and JWTAuthenticationFilter.

    @Override
protected void configure( HttpSecurity http ) throws Exception
{

    http.csrf().disable()

            .authorizeRequests()

            .antMatchers("/rest/noauth/**").permitAll()

            .antMatchers("/rest/login").permitAll()

            .antMatchers("/rest/logout").permitAll()

            .antMatchers("/src/**").permitAll()

            .antMatchers("/v2/api-docs/**", "/configuration/ui/**", "/swagger-resources/**",
                    "/configuration/security/**", "/swagger-ui.html/**", "/webjars/**")
            .permitAll()

            .anyRequest().authenticated()

            .and()

            .logout().addLogoutHandler(logoutHandler).logoutSuccessHandler(logoutSuccessHandler)
            .logoutUrl("/rest/logout")

            .and()

            .addFilterBefore(
                    new JWTAuthenticationFilter("/rest/login",
                    UsernamePasswordAuthenticationFilter.class)

            .addFilterBefore(new JWTAuthorizationFilter(authenticationManager(), authTokenModelRepository),
                    UsernamePasswordAuthenticationFilter.class);

    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

}

    and make your JWTAuthenticationFilter extends AbstractAuthenticationProcessingFilter which has a constructor which takes the filterProcessingURl and I passed /rest/login as the parameter.

    public class JWTAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthenticationFilter.class);

private AuthenticationManager authenticationManager;
private TokenService tokenService;
private UserModel credentials;

private RefreshTokenService refreshTokenService;
private AuthTokenModelRepository authTokenModelRepository;
private UserModelRepository userModelRepository;

public JWTAuthenticationFilter( String loginUrl, AuthenticationManager authenticationManager,
        TokenService tokenService, RefreshTokenService refreshTokenService,
        AuthTokenModelRepository authTokenModelRepository, UserModelRepository userModelRepository )
{
    super(new AntPathRequestMatcher(loginUrl));

}

    After the above configuration, the JWTAuthenticationFilter will be executed for the request /rest/login.

    0 讨论(0)
 看不清?
提交回复
热议问题