我正在尝试设置基于REST的Web应用程序,其中前端使用Reactjs,后端使用Spring Boot.我也在尝试设置自定义身份验证提供程序,这就是我的问题开始的地方.尝试测试登录API调用时,永远不会调用CustomAuthenticationProvider,而是使用默认的DaoAuthenticationProvider.这会导致登录报告"错误凭据".
我已经将一个小样本应用程序上传到github:spring-boot-auth-demo
要测试登录API,我使用以下curl:
curl -H "Content-Type: application/json" -X POST -d '{"username":"admin","password":"admin"}' http://localhost:8080/api/users/login
CustomAuthenticationProvider执行简单的用户名/密码检查并返回UsernamePasswordAuthenicationToken对象.
package no.bluebit.demo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
private static final Logger logger = LoggerFactory.getLogger(CustomAuthenticationProvider.class);
public CustomAuthenticationProvider() {
logger.info("*** CustomAuthenticationProvider created");
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
if(authentication.getName().equals("admin") && authentication.getCredentials().equals("admin")) {
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuths.add(new …