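My problem is that when I log in, Spring Boot Security already asks for a bearer token, which does not exist yet. So the filter should not be executed for one specific request, in my case /authenticate.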
WebSecurityConfig.java
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    // We don't need CSRF for this example
    httpSecurity.csrf().disable()
            // don't authenticate this particular request
            .authorizeRequests().antMatchers(HttpMethod.POST, "/authenticate", "/register").permitAll().
            // all other requests need to be authenticated
            anyRequest().authenticated().and().
            // make sure we use stateless session; session won't be used to
            // store user's state.
            exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    // Add a filter to validate the tokens with every request
    httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
But with this approach the filter is still executed on every request, including /authenticate, which is not intended.
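
One way to get the behaviour asked for above, as an added example that is not the poster's code: permitAll() only relaxes the authorization decision, and a filter registered with addFilterBefore still runs for every request, so the skip has to live in the filter itself. This assumes the poster's jwtRequestFilter extends OncePerRequestFilter (not shown on the page); TokenAuthenticator is a hypothetical interface standing in for the token validation.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

public class JwtRequestFilter extends OncePerRequestFilter {

    /** Hypothetical: returns an Authentication for a valid token, null otherwise. */
    public interface TokenAuthenticator {
        Authentication authenticate(String token);
    }

    // Mirror the permitAll() rule in WebSecurityConfig: same paths, same method.
    private static final RequestMatcher PUBLIC_ENDPOINTS = new OrRequestMatcher(
            new AntPathRequestMatcher("/authenticate", "POST"),
            new AntPathRequestMatcher("/register", "POST"));

    private final TokenAuthenticator tokenAuthenticator;

    public JwtRequestFilter(TokenAuthenticator tokenAuthenticator) {
        this.tokenAuthenticator = tokenAuthenticator;
    }

    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) {
        // true = doFilterInternal is skipped and the chain simply continues
        return PUBLIC_ENDPOINTS.matches(request);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String header = request.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            Authentication auth = tokenAuthenticator.authenticate(header.substring(7));
            if (auth != null) {
                SecurityContextHolder.getContext().setAuthentication(auth);
            }
        }
        // A missing or invalid token is not rejected here: the request stays
        // unauthenticated and anyRequest().authenticated() turns it away.
        chain.doFilter(request, response);
    }
}
```

Keep the matcher list identical to the permitAll() rule; a path skipped here but not permitted there is still rejected, and a path permitted there but not skipped here still goes through token parsing.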