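You need to adjust WebSecurityConfig.java and JWTAuthenticationFilter.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .authorizeRequests()
            // Endpoints reachable without authentication
            .antMatchers("/rest/noauth/**").permitAll()
            .antMatchers("/rest/login").permitAll()
            .antMatchers("/rest/logout").permitAll()
            .antMatchers("/src/**").permitAll()
            .antMatchers("/v2/api-docs/**", "/configuration/ui/**", "/swagger-resources/**",
                "/configuration/security/**", "/swagger-ui.html/**", "/webjars/**")
            .permitAll()
            // Everything else requires an authenticated request
            .anyRequest().authenticated()
            .and()
            .logout().addLogoutHandler(logoutHandler).logoutSuccessHandler(logoutSuccessHandler)
            .logoutUrl("/rest/logout")
            .and()
            .addFilterBefore(
                // Arguments follow the six-parameter constructor shown below; the services and
                // repositories are assumed to be fields of this configuration class.
                new JWTAuthenticationFilter("/rest/login", authenticationManager(), tokenService,
                    refreshTokenService, authTokenModelRepository, userModelRepository),
                UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(
                new JWTAuthorizationFilter(authenticationManager(), authTokenModelRepository),
                UsernamePasswordAuthenticationFilter.class);
        // No HTTP session is created; every request must carry its own token
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

And make JWTAuthenticationFilter extend AbstractAuthenticationProcessingFilter, so that it has a constructor that takes the filterProcessingUrl, and I passed /rest/login as the parameter.

    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
    import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
    // Imports for the logger and the project's own classes are omitted.

    public class JWTAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

        private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthenticationFilter.class);

        private AuthenticationManager authenticationManager;
        private TokenService tokenService;
        private UserModel credentials;
        private RefreshTokenService refreshTokenService;
        private AuthTokenModelRepository authTokenModelRepository;
        private UserModelRepository userModelRepository;

        public JWTAuthenticationFilter(String loginUrl, AuthenticationManager authenticationManager,
                TokenService tokenService, RefreshTokenService refreshTokenService,
                AuthTokenModelRepository authTokenModelRepository,
                UserModelRepository userModelRepository) {
            // The matcher decides which requests this filter processes
            super(new AntPathRequestMatcher(loginUrl));
            // Keep the collaborators so the rest of the filter can use them
            this.authenticationManager = authenticationManager;
            this.tokenService = tokenService;
            this.refreshTokenService = refreshTokenService;
            this.authTokenModelRepository = authTokenModelRepository;
            this.userModelRepository = userModelRepository;
        }

        // attemptAuthentication(...) and the rest of the class are not shown here
    }

After completing the above configuration, JWTAuthenticationFilter will execute for requests to /rest/login.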
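As an added illustration (not code from the answer above), here is a self-contained filter of the same shape with the `attemptAuthentication` method filled in, showing how the request matcher passed to `super(...)` scopes the filter. The class name `JsonLoginFilter`, the POST-only matcher and the JSON body with `username` and `password` fields are assumptions; `javax.servlet` is used to match the Spring Security 5 style configuration on this page.

```java
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Hypothetical class, written for this example only.
public class JsonLoginFilter extends AbstractAuthenticationProcessingFilter {

    private final ObjectMapper mapper = new ObjectMapper();

    public JsonLoginFilter(String loginUrl, AuthenticationManager authenticationManager) {
        // Two-argument matcher: only POST requests to loginUrl reach attemptAuthentication;
        // every other request passes straight through this filter.
        super(new AntPathRequestMatcher(loginUrl, "POST"));
        // The parent class does not obtain the manager on its own when built with "new".
        setAuthenticationManager(authenticationManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException, IOException {
        Map<String, String> body;
        try {
            // Assumed request body: {"username": "...", "password": "..."}
            body = mapper.readValue(request.getInputStream(),
                    new TypeReference<Map<String, String>>() {});
        } catch (IOException e) {
            // Unparseable input is routed to the filter's failure handler
            // instead of surfacing as a servlet error.
            throw new AuthenticationServiceException("Unreadable login request", e);
        }
        if (body == null) {
            // A literal JSON "null" body deserializes to null
            throw new AuthenticationServiceException("Empty login request");
        }
        String username = body.getOrDefault("username", "");
        String password = body.getOrDefault("password", "");
        // Credential checking is delegated to the configured AuthenticationManager
        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(username, password));
    }
}
```

Issuing the token would go in an overridden `successfulAuthentication`; it is left out here because the page does not show the API of its `TokenService`.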



