У меня проблема с моим весенним проектом. Это мой SecurityConfig:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
TokenAuthenticationManager tokenAuthenticationManager;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.addFilterAfter(tokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
}
@Bean
public TokenAuthenticationFilter tokenAuthenticationFilter() {
TokenAuthenticationFilter tokenAuthenticationFilter = new TokenAuthenticationFilter();
tokenAuthenticationFilter.setAuthenticationManager(tokenAuthenticationManager);
return tokenAuthenticationFilter;
}
}
У меня есть пользовательский фильтр, который получает из маркера JWT параметра или заголовка и создает объект аутентификации
public class TokenAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
public TokenAuthenticationFilter() {
super("/**");
System.out.println("HERE");
setAuthenticationSuccessHandler((request, response, authentication) ->
{
SecurityContextHolder.getContext().setAuthentication(authentication);
System.out.println(SecurityContextHolder.getContext().getAuthentication());
System.out.println(request.getServletPath());
request.getRequestDispatcher(request.getServletPath()).forward(request, response);
});
setAuthenticationFailureHandler((request, response, authenticationException) -> {
response.getOutputStream().print(authenticationException.getMessage());
});
}
@Override
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
String token = httpServletRequest.getHeader("token");
System.out.println("AUTH RUNNING");
if (token == null)
token = httpServletRequest.getParameter("token");
if (token == null) {
TokenAuthentication authentication = new TokenAuthentication(null);
authentication.setAuthenticated(false);
return authentication;
}
TokenAuthentication tokenAuthentication = new TokenAuthentication(token);
Authentication authentication = getAuthenticationManager().authenticate(tokenAuthentication);
System.out.println(authentication);
return authentication;
}
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
super.doFilter(req, res, chain);
}
}
Мой собственный объект аутентификации
public class TokenAuthentication implements Authentication {
private String token;
private Collection<? extends GrantedAuthority> authorities;
private boolean isAuthenticated;
private UserDetails principal;
public TokenAuthentication(String token) {
this.token = token;
}
public TokenAuthentication(String token, Collection<GrantedAuthority> authorities, boolean isAuthenticated,
UserDetails principal) {
this.token = token;
this.authorities = authorities;
this.isAuthenticated = isAuthenticated;
this.principal = principal;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public Object getCredentials() {
return null;
}
@Override
public Object getDetails() {
return null;
}
@Override
public String getName() {
if (principal != null)
return ((UserDetails) principal).getUsername();
else
return null;
}
@Override
public Object getPrincipal() {
return principal;
}
@Override
public boolean isAuthenticated() {
return isAuthenticated;
}
@Override
public void setAuthenticated(boolean b) throws IllegalArgumentException {
isAuthenticated = b;
}
public String getToken() {
return token;
}
@Override
public String toString() {
return "TokenAuthentication{" +
"token='" + token + '\'' +
", authorities=" + authorities +
", isAuthenticated=" + isAuthenticated +
", principal=" + principal +
'}';
}
}
И менеджер
@Service
public class TokenAuthenticationManager implements AuthenticationManager {
@Autowired
private UserService userService;
@Autowired
private UserMapper userMapper;
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
try {
if (authentication instanceof TokenAuthentication) {
TokenAuthentication readyTokenAuthentication = processAuthentication((TokenAuthentication) authentication);
return readyTokenAuthentication;
} else {
authentication.setAuthenticated(false);
}
} catch (Exception ex) {
if(ex instanceof AuthenticationServiceException)
throw ex;
}
return authentication;
}
private TokenAuthentication processAuthentication(TokenAuthentication authentication) throws AuthenticationException {
String token = authentication.getToken();
String key = "qwerty13579ytrewq24680zxc159cxz753mh";
DefaultClaims claims;
try {
claims = (DefaultClaims) Jwts.parser().setSigningKey(key).parse(token).getBody();
} catch (Exception ex) {
throw new AuthenticationServiceException("Token corrupted");
}
return buildFullTokenAuthentication(authentication, claims);
}
private TokenAuthentication buildFullTokenAuthentication(TokenAuthentication authentication, DefaultClaims claims) {
UserDto userDto = new UserDto();
userDto.setLogin(claims.get("username", String.class));
User user = userMapper.toEntity(userService.get(userDto));
Collection<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("ADMIN"));
org.springframework.security.core.userdetails.User user1 = new org.springframework.security.core.userdetails.User(user.getLogin(), user.getPassword(), true, true, true, true, authorities);
if (user1.isEnabled()) {
System.out.println("HERE 11");
return new TokenAuthentication(authentication.getToken(), user1.getAuthorities(), true, user1);
} else {
throw new AuthenticationServiceException("User disabled");
}
}
}
ОЖИДАЕМОЕ ПОВЕДЕНИЕ: Если я отправляю запрос без токена (или с недействительным) => Объект аутентификации isAuthenticated имеет значение false, и я не получу ответа
АКТУАЛЬНЫЙ ПОВЕДЕНИЕ : В случае, когда запрос проходит через мой фильтр => Объект аутентификации isAuthenticated имеет значение false, но, несмотря на это, я получаю ответ от сервера (но не должен).
Помогите пожалуйста найти решение