问题遇到的现象和发生背景
springsecurity5.7.1自定义UsernamePasswordAuthenticationFilter未生效
问题相关代码,请勿粘贴截图
通过WebSecurityConfigurerAdapter实现
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
@Bean
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
//LoginFilter extends UsernamePasswordAuthenticationFilter
@Bean
public LoginFilter loginFilter() throws Exception {
LoginFilter filter = new LoginFilter();
filter.setFilterProcessesUrl("login");
// filter.setUsernameParameter();
// filter.setUsernameParameter();
filter.setAuthenticationManager(authenticationManagerBean());
filter.setAuthenticationSuccessHandler(new SuccessHandler());
filter.setAuthenticationFailureHandler(new FailureHandler());
return filter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.addFilterAt(loginFilter(),UsernamePasswordAuthenticationFilter.class);
http.authorizeRequests()
// .antMatchers("/login/*").permitAll()
.anyRequest().authenticated()
.and().formLogin()//.loginPage("/login/login")
// .passwordParameter("password")
// .usernameParameter("username")
.successHandler(new SuccessHandler())
.failureHandler(new FailureHandler())
.and()
.logout()
// .logoutRequestMatcher()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutSuccessHandler(new LogoutFailureHandler())
.and().rememberMe()
.rememberMeServices(rememberMeServices())
.and().csrf().disable();
}
上面代码应该没有问题,但不知道为啥,debugger没有走自定义的loginfilter,而是框架原始的UsernamePasswordAuthenticationFilter,configure(HttpSecurity http)第一行就替换了原filter。
运行结果及报错内容
两个都打了断点,但只在原filter上停止
我的解答思路和尝试过的方法
真的好懵呀,在网上找了好多方法,都是通过addfilterat()方法替换的,但我写的代码好像也没啥问题呀?