Вот мой код для входа в систему controller.java и AccessToken.java, который возвращается после процесса входа в систему
@RestController
@RequestMapping("/user")
public class Controller {
@Autowired AuthenticationManager authenticationManager;
@Autowired UserService userService;
@RequestMapping(value="/login", method=RequestMethod.POST)
public AccessToken logsin(
@RequestBody AuthenticationRequest request, HttpSession session
) {
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken (request.getId(), request.getPassword());
Authentication authentication = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authentication);
session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
SecurityContextHolder.getContext());
AccessToken token1 = new AccessToken();
token1.setUsername(authentication.getName());
token1.setAuthorities(authentication.getAuthorities());
token1.setToken(session.getId());
Authentication a = SecurityContextHolder.getContext().getAuthentication();
System.out.println("a.isAuthenticated : "+ a.isAuthenticated());
return token1;
}
public class AccessToken {
private String username;
private Collection authorities;
private String token;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public Collection getAuthorities() {
return authorities;
}
public void setAuthorities(Collection authorities) {
this.authorities = authorities;
}
public String getToken() {
return token;
}
public void setToken(String token) {
this.token = token;
}
}
если я отправлю запрос '/ user / login' процессу входа в систему, значение System.out.println ("a.isAuthenticated:" + a.isAuthenticated ()); «верно»
и я возвращаюсь AccessToken
например,
{
"username": "myid1",
"authorities": [
{
"authority": "user"
}
],
"token": "3D31F32383859DB145320941122CA189"
}
И я установил класс фильтра и bean-компонент HttpSessionStrategy для аутентификации токена
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class SimpleCorsFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
System.out.println("filter!");
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Expose-Headers", "x-auth-token");
response.setHeader("Access-Control-Allow-Credentials", "x-auth-token");
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {}
public void destroy() {}
}
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired UserService userService;
@Autowired AuthenticationProvider provider;
@Autowired BCryptPasswordEncoder encoder;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests()
.antMatchers("/user/login").permitAll()
.antMatchers("/main").authenticated()
.antMatchers("main").authenticated()
.antMatchers("/**").authenticated()
.anyRequest().authenticated()
.and()
.logout()
;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService)
.passwordEncoder(encoder);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public HttpSessionStrategy httpSessionStrategy() {
return new HeaderHttpSessionStrategy();
}
После этого я отправил запрос на другой URL, который требует аутентификации с заголовком
'x-auth-token = 3D31F32383859DB145320941122CA189'
Однако сервер ответил 403 запрещенной ошибкой
Как я могу решить эту проблему?