springboot2 security成功登陆后无法获取用户信息 getPrincipal为anonymous

我这是一个前后端分离项目所以可能和大多数项目不太相同

我登陆成功之后获取到的 SecurityContextHolder.getContext().getAuthentication().getPrincipal()  是 anonymous

之前我设置的是

.anyRequest().permitAll()

所有请求都不需要权限就可以访问,这样的话所有请求内都无法得到认证信息,所以是anonymous

后来改成了

.anyRequest().authenticated()

所有请求都需要认证之后就可以了

 

下面上一个security的配置全代码

package com.qky.qingchi.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    /*@Bean
    public CustomUserDetailsService customUserDetailsService() {
        return new CustomUserDetailsService();
    }*/

    @Bean
    public MyAuthenticationProvider myAuthenticationProvider() {
        return new MyAuthenticationProvider();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .formLogin().successForwardUrl("/login/success")
                .and()
                .authorizeRequests()
                //设置忽略规则
                .antMatchers("/talk/*").permitAll()
                //设置拦截规则
                .anyRequest().authenticated()
                .and()
                .cors()
                .and()
                .csrf().disable();
    }

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /*@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("q").password(new BCryptPasswordEncoder().encode("1")).roles("USER")
                .and()
                .withUser("w").password(new BCryptPasswordEncoder().encode("1")).roles("USER");
    }*/
}

 

package com.qky.qingchi.config.security;

import com.qky.qingchi.entity.User;
import com.qky.qingchi.user.repository.UserRepository;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

import javax.annotation.Resource;

public class MyAuthenticationProvider implements AuthenticationProvider {

    @Resource
    UserRepository userRepository;

    /**
     * 自定义验证方式
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        User user;
        if (authentication.getName().equals("q")) {
            user = userRepository.findOneByName("q");
        } else if (authentication.getName().equals("k")) {
            user = userRepository.findOneByName("kk");
        } else {
            throw new AuthenticationException("用户不存在") {
            };
        }
        System.out.println("user:{"+user);
        return new UsernamePasswordAuthenticationToken(user, "", user.getAuthorities());
    }

    @Override
    public boolean supports(Class arg0) {
        return true;
    }

}

参考:

https://blog.csdn.net/u010753054/article/details/79508246

你可能感兴趣的:(java,spring,security,spring,security)