我使用Spring Security v6.1.0在Java中实现了身份验证,这是端点:
@GetMapping(value="/loginUser")
public User login(Principal principal) {
return this.userService.findByEmail(principal.getName());
}WebSecurityConfig类:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.cors().and().csrf().disable()
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers("/", "/login").permitAll()
.requestMatchers("/scan",
"/loginUser",
"/users",
"/invoices",
"/dueNextWeek",
"/groupedByVendor",
"/groupedByVendorTotalAmountPerMonth",
"/totalAmountPerMonth").authenticated()
)
.formLogin((form) -> form
.loginPage("/login")
.loginProcessingUrl("/login")
.defaultSuccessUrl("/loginUser")
.permitAll()
)
.cors((cors) -> cors
.configurationSource(corsConfigurationSource())
);
return http.build();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOrigins(Arrays.asList("http://localhost:4200"));
configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE"));
configuration.setAllowedHeaders(Arrays.asList("*"));
configuration.setAllowCredentials(true);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}用户服务实施:
@Override
public User findByEmail(String email) {
Optional<User> user = this.userRepository.findByEmail(email);
return user.get();
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Optional<User> userOpt = userRepository.findByEmail(username);
User user = userOpt.orElseThrow(() -> new UsernameNotFoundException(username + " not found!"));
return org.springframework.security.core.userdetails.User.builder()
.username(user.getEmail())
.password(user.getPassword()).build();
}Angular服务:
import {Component} from '@angular/core';
import {Router} from "@angular/router";
import {AuthService} from "../authentication/auth.service";
@Component({
selector: 'app-login',
templateUrl: './login.component.html',
styleUrls: ['./login.component.css']
})
export class LoginComponent {
form: any = {
username: null,
password: null
};
isLoggedIn = false;
errorMessage = '';
wrongCredentials: boolean = false;
invalidLogin: boolean = false;
constructor(private router: Router, private loginService: AuthService) {
}
onSubmit(): void {
sessionStorage.setItem('username', this.form.username);
sessionStorage.setItem('password', this.form.password);
this.loginService.authenticate(this.form.username, this.form.password).subscribe(
() => {
this.router.navigate(['/home']);
this.invalidLogin = false;
},
(err) => {
this.invalidLogin = true;
this.wrongCredentials = true;
}
)
}
}import {Injectable} from '@angular/core';
import {HttpClient, HttpHeaders} from "@angular/common/http";
import {catchError, map, throwError} from "rxjs";
const AUTH_API = 'http://localhost:8081/login';
@Injectable({
providedIn: 'root'
})
export class AuthService {
isLoggedIn: boolean | undefined;
constructor(private http: HttpClient) {
}
ngOnInit(): void {
}
authenticate(username: string, password: string) {
const httpOptions: Object = {
headers: new HttpHeaders({
'Content-Type': 'application/json',
'Authorization': "Basic " + btoa(username + ":" + password)
}),
responseType: 'text'
};
let credentials = {username: username, password: password};
return this.http.post(AUTH_API, credentials, httpOptions).pipe(
map(() => {
let authString = 'Basic ' + btoa(username + ':' + password);
sessionStorage.setItem('username', username);
sessionStorage.setItem('basicAuth', authString);
this.isLoggedIn = true;
}),
catchError((error) => {
console.error('Authentication error:', error);
return throwError(error);
}))
}
isUserLoggedIn() {
let basicAuth = sessionStorage.getItem('basicAuth');
return basicAuth != null;
}
logOut() {
sessionStorage.removeItem('username');
sessionStorage.removeItem('basicAuth');
this.isLoggedIn = false;
}
}当我从postman向/login上的java应用程序发送POST请求时,我得到了经过身份验证的User作为响应,我猜它应该如何工作,但是当我从angular应用程序发送请求时,我得到了GET http://localhost:8081/login net::ERR_TOO_MANY_REDIRECTS 302。我哪里做错了?
1条答案
按热度按时间6qqygrtg1#
我找到问题了。这段代码
导致了
HTTP 302循环。我修改了filterChain方法:现在的终点是:
向
localhost:8081/login发出POST请求现在工作得非常好。