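I need to implement custom authentication in Spring Security: for each REST request, I need to check the username and password, which are in specific headers ("username" and "password") of each request.
So I implemented a custom AuthEntryPoint: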
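```java
import java.io.IOException;
// javax.servlet for Spring Security 5.x; use jakarta.servlet on 6.x
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Service;

@Service
public class CustomAuthEntryPoint implements AuthenticationEntryPoint {
    @Override
    public void commence(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        String username = httpServletRequest.getHeader("username");
        String password = httpServletRequest.getHeader("password");
        // Constant-first equals so a missing header does not cause a NullPointerException
        if (!"admin".equals(username) || !"admin".equals(password)) {
            throw new RuntimeException("", new BadCredentialsException("Wrong password"));
        }
    }
}
```

So, I realized that RequestCacheAwareFilter is caching the first request, and the headers are also stored in the cache. So if I send a request with the wrong password and then one with the correct password, I still get an exception.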
So, how can I override or disable CacheAwareFilter? Or am I doing something wrong?
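
One way to do the per-request header check the question describes, as an added example that is not part of the original post: `commence` is only called by Spring Security after authentication has already failed, so the check is moved into a filter that runs on every request, and the request cache is disabled so no earlier request is saved and replayed. It assumes Spring Security 5.5 or later on `javax.servlet`; the class names `HeaderAuthFilter` and `HeaderAuthConfig` and the `ROLE_USER` authority are hypothetical.

```java
// Added example; assumes Spring Security 5.5+ (swap javax.servlet for jakarta.servlet on 6.x).
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;
// Hypothetical filter: checks the "username" and "password" headers on every request.
class HeaderAuthFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Same hard-coded "admin" values as the question; a real service would look up a hashed credential.
        if (!matches(req.getHeader("username"), "admin") || !matches(req.getHeader("password"), "admin")) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Bad credentials");
            return; // rejected here, so nothing is saved for later replay
        }
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                "admin", null, AuthorityUtils.createAuthorityList("ROLE_USER")));
        chain.doFilter(req, res);
    }
    // Null-safe, constant-time comparison of a header value.
    private static boolean matches(String supplied, String expected) {
        return supplied != null && MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }
}
@Configuration
class HeaderAuthConfig {
    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        http.requestCache(cache -> cache.disable()) // no saved request for RequestCacheAwareFilter to replay
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable()) // credentials travel in headers, not in a session cookie
            .addFilterBefore(new HeaderAuthFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeHttpRequests(a -> a.anyRequest().authenticated());
        return http.build();
    }
}
```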