我试图在之前的问题和答案中找到一些有用的东西,但在给了一些机会之后我仍然没有修复它。
所以当我继续
http://localhost:8080/api/login
我得到
This page isn’t working
localhost redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
那些是我的控制器:
package com.demo.hospitalmanagementtool.security.auth;
@Controller("/api")
@RequiredArgsConstructor
public class AuthenticationController {
private final AuthenticationService authenticationService;
@GetMapping("/register")
public String showRegistrationForm(RegisterRequest request) {
return "register";
}
@PostMapping("/register")
public String register(@RequestBody RegisterRequest request, Model model){
AuthenticationResponse response = authenticationService.register(request);
model.addAttribute("response", response);
return "registration-success";
}
@GetMapping("/login")
public String showLoginForm(AuthenticationRequest request) {
return "login";
}
@PostMapping("/loginSuccessForward")
public String authenticate(@RequestBody AuthenticationRequest request, Model model){
AuthenticationResponse response = authenticationService.authenticate(request);
model.addAttribute("response", response);
return "login-success";
}
@GetMapping("/refresh-token")
public String refresh(HttpServletRequest request, HttpServletResponse response) throws IOException {
authenticationService.refresh(request, response);
return "refresh-success";
}
}
和
SecurityConfig
package com.demo.hospitalmanagementtool.security.config;
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {
private final JwtAuthenticationFilter jwtAuthFilter;
private final AuthenticationProvider authenticationProvider;
private final LogoutHandler logoutHandler;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.authorizeHttpRequests()
.and().formLogin().loginPage("/api/login").permitAll()
.defaultSuccessUrl("/index").failureUrl("/loginError")
.and()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authenticationProvider(authenticationProvider)
.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
.logout()
.logoutUrl("/api/logout")
.addLogoutHandler(logoutHandler)
.logoutSuccessHandler(
(request, response, authentication) ->
SecurityContextHolder.clearContext());
return http.build();
}
}