英文:
How to custom Login / authenticate with Angular + Spring + JSON
问题
你的目标是在Angular 7前端和Spring后端中实现自定义JSON表单登录。计划是将用户名/密码从前端以JSON形式发送到后端,然后在后端进行身份验证,将结果返回到前端。问题是,在从前端发送数据后,在后端无法看到数据(用户名和密码为空)。
你的登录页面功能中,credential
的设置看起来正确。但是请注意,你在比较用户名和密码是否为 null
时使用了 &&
,这应该是 &&
。
关于后端部分,在 CustomAuthenticationProvider.java
中,你尝试获取用户名和密码,但遇到了问题,它们为空。首先,请确保前端发送的数据是有效的 JSON 格式。另外,你可能需要查看前端是否正确设置了请求的 Content-Type 为 application/json
。
在 CustomAuthenticationProvider
中,你的问题可能出在身份验证之前,需要在请求中正确获取 JSON 数据。你可以尝试以下方式来获取用户名和密码:
import com.fasterxml.jackson.databind.ObjectMapper;
// ...
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
ObjectMapper objectMapper = new ObjectMapper();
Map<String, String> data = objectMapper.convertValue(authentication.getDetails(), Map.class);
final String username = data.get("username");
final String password = data.get("password");
// 确保你可以正确获取到用户名和密码后,进行身份验证
}
这应该可以帮助你在后端获取到从前端发送的 JSON 数据中的用户名和密码,从而进行身份验证。如果问题仍然存在,请确保前端和后端的数据传输格式和请求设置正确。
英文:
I have an angular 7 frontend and Spring backend.
My goal is to make a custom login using JSON form. The plan: send the username/password from frontend to backend in json form. Do the authentication in backend, and send back the result to frontend. My problem: after sending the data from frontend, I can't see the data in backend (username and password are empty) (in my CustomAuthenticationProvider.java)
My login page function:
let credential = {username: this.loginForm.value.username, password: this.loginForm.value.password};
if(this.loginForm.value.username != null && this.loginForm.value.password != null) {
this.http.post("auth", JSON.stringify(credential)).subscribe(
response => {
if(response.status == 200 && response.ok == true) {
this.globals.loggeduser = this.loginForm.value.username;
//and routing
} else {
alert("Bad credential");
}
);
}
@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {
public CustomAuthenticationProvider() {
super();
}
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
final String username = authentication.getName();
final String password = authentication.getCredentials().toString();
//THE PROBLEM: username and password are empty here
if (/* some custom auth here */) {
final List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
final UserDetails principal = new User(username, password, grantedAuths);
final Authentication auth = new UsernamePasswordAuthenticationToken(principal, password, grantedAuths);
return auth;
}
return null;
}
@Override
public boolean supports(Class<?> authentication) {
return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
}
}
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomAuthenticationProvider customAuthenticationProvider;
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(customAuthenticationProvider);
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.GET,"/login", "/index*", "/static/**", "/*.js",
"/*.json", "/*.ico", "/*.sccs", "/*.woff2", "/*.css").permitAll()
.anyRequest()
.authenticated()
.and()
.formLogin()
.loginPage("/")
.loginProcessingUrl("/auth")
.usernameParameter("username")
.passwordParameter("password")
.successHandler(successHandler())
.failureHandler(failureHandler())
.permitAll()
.and()
.logout()
.permitAll();
}
private AuthenticationSuccessHandler successHandler() {
...
}
private AuthenticationFailureHandler failureHandler() {
...
}
}
When I print out the authentication
after adding values to username and password, I get this (Principal and credentials are empty):
org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b37b: Principal: ; Credentials: [PROTECTED];
Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364:
RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Not granted any authorities
Using not JSON format works fine, but I need to use JSON format. I read this and this (I tried these solutions, didn't work). These are a bit outdated and not good (too complex and/or in xml format)
I read about that I have to write a custom UsernamePasswordAuthenticationFilter / using Beans, but I would like to do a nice and clean java solution without reworking the whole thing / using xml. Can I get some help/hints please?
Edit: using this format (instead of let credential = ...
), it is working (but it is not JSON unfortunately):
let urlSearchParams = new URLSearchParams();
urlSearchParams.append('username', this.loginForm.value.username );
urlSearchParams.append('password', this.loginForm.value.password );
答案1
得分: 0
我找到了一个解决方案。
我添加了一个CustomAuthenticationFilter,感谢@oe.elvik在这个问题中的回答。
(注意:LoginRequest是一个包含两个变量(username和password)的类)
之后,我将这个内容添加到了我的securityConfig中,一切都正常工作:
@Bean
public CustomAuthenticationFilter customAuthenticationFilter() throws Exception{
CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter();
customAuthenticationFilter.setAuthenticationManager(authenticationManager());
customAuthenticationFilter.setFilterProcessesUrl("/auth");
customAuthenticationFilter.setAuthenticationSuccessHandler(successHandler());
customAuthenticationFilter.setAuthenticationFailureHandler(failureHandler());
return customAuthenticationFilter;
}
英文:
I found a solution.
I added a CustomAuthenticationFilter, credits go to @oe.elvik's answer in this question.
(note: LoginRequest is a class with 2 variables: username and password)
After that, I added this into my securityConfig, and everything is working:
@Bean
public CustomAuthenticationFilter customAuthenticationFilter() throws Exception{
CustomAuthenticationFilter customAuthenticationFilter = new CustomAuthenticationFilter();
customAuthenticationFilter.setAuthenticationManager(authenticationManager());
customAuthenticationFilter.setFilterProcessesUrl("/auth");
customAuthenticationFilter.setAuthenticationSuccessHandler(successHandler());
customAuthenticationFilter.setAuthenticationFailureHandler(failureHandler());
return customAuthenticationFilter;
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论