2016-03-22 28 views

Unable to log in with Spring Security

I ran into a problem while implementing annotation-based Spring Security.

When I post data from my Angular UI, it reaches Spring Security but does not attempt the login. I don't know where I am going wrong.

My stateless login filter:

class StatelessLoginFilter extends AbstractAuthenticationProcessingFilter { 

    private final TokenAuthenticationService tokenAuthenticationService; 
    private final CustomJDBCDaoImpl userDetailsService; 

    protected StatelessLoginFilter(String urlMapping, TokenAuthenticationService tokenAuthenticationService, 
      CustomJDBCDaoImpl userDetailsService, AuthenticationManager authManager) { 
     super(new AntPathRequestMatcher(urlMapping)); 
     this.userDetailsService = userDetailsService; 
     this.tokenAuthenticationService = tokenAuthenticationService; 
     setAuthenticationManager(authManager); 
    } 

    @Override 
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) 
      throws AuthenticationException, IOException, ServletException { 

     final UsernamePasswordAuthenticationToken loginToken = new UsernamePasswordAuthenticationToken(
       request.getParameter("username").toString(), request.getParameter("password").toString()); 
     return getAuthenticationManager().authenticate(loginToken); 
    } 

    @Override 
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, 
      FilterChain chain, Authentication authentication) throws IOException, ServletException { 

     // Lookup the complete User object from the database and create an Authentication for it 
     final UserDetails authenticatedUser = userDetailsService.loadUserByUsername(authentication.getName()); 
     final UserAuthentication userAuthentication = new UserAuthentication(authenticatedUser); 

     // Add the custom token as HTTP header to the response 
     tokenAuthenticationService.addAuthentication(response, userAuthentication); 

     // Add the authentication to the Security context 
     SecurityContextHolder.getContext().setAuthentication(userAuthentication); 
    } 
} 

And this is my Spring Security configuration file. When I start the server,

@Configuration 
@EnableWebSecurity 
@EnableGlobalMethodSecurity 
@Order(1) 
public class StatelessAuthenticationSecurityConfig extends WebSecurityConfigurerAdapter { 


    @Autowired 
    private TokenAuthenticationService tokenAuthenticationService; 

    public StatelessAuthenticationSecurityConfig() { 
     super(true); 
    } 

    @Override 
    protected void configure(HttpSecurity http) throws Exception { 
     http 
       .exceptionHandling().and() 
       .anonymous().and() 
       .servletApi().and() 
       .headers().cacheControl().and() 
       .authorizeRequests() 

       //allow anonymous resource requests 
//    .antMatchers("/").permitAll() 
       .antMatchers("/favicon.ico").permitAll() 
       .antMatchers("/resources/**").permitAll() 

       //allow anonymous POSTs to login 
       .antMatchers(HttpMethod.POST, "/api/login").permitAll() 

       //allow anonymous GETs to API 
       .antMatchers(HttpMethod.GET, "/api/**").permitAll() 

       //defined Admin only API area 
       .antMatchers("/api/admin/**").hasRole("ADMIN") 

       //all other request need to be authenticated 
       .anyRequest().hasRole("USER").and()    

       // custom JSON based authentication by POST of {"username":"<name>","password":"<password>"} which sets the token header upon authentication 
       .addFilterBefore(new StatelessLoginFilter("/api/login", tokenAuthenticationService, new CustomJDBCDaoImpl(), authenticationManager()), UsernamePasswordAuthenticationFilter.class) 

       // custom Token based authentication based on the header previously given to the client 
       .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class); 
    } 

    @Bean 
    @Override 
    public AuthenticationManager authenticationManagerBean() throws Exception { 
     return super.authenticationManagerBean(); 
    } 

    @Override 
    protected void configure(AuthenticationManagerBuilder auth) throws Exception { 
     auth.userDetailsService(new CustomJDBCDaoImpl()).passwordEncoder(new BCryptPasswordEncoder()); 
    } 


} 

it enters the StatelessLoginFilter constructor. However, when I access my page, it directly shows access denied without entering the tryLogin method of my StatelessLoginFilter class.

My AngularJS post request looks like this:

$http.post('/api/login', { username: $scope.user.email, password: $scope.user.password }).success(function (result, status, headers) { 
      $scope.authenticated = true; 
});

EDIT #1:

After adding http.csrf().disable(), I get into attemptAuthentication. However, now the request parameters are null.

Info: 2016-03-23 00:59:59 DEBUG FilterChainProxy:337 - /api/login at position 1 of 7 in additional filter chain; firing Filter: 'HeaderWriterFilter' 
Info: 2016-03-23 00:59:59 DEBUG FilterChainProxy:337 - /api/login at position 2 of 7 in additional filter chain; firing Filter: 'StatelessLoginFilter' 
Info: 2016-03-23 00:59:59 DEBUG AntPathRequestMatcher:145 - Checking match of request : '/api/login'; against '/api/login' 
Info: 2016-03-23 00:59:59 DEBUG StatelessLoginFilter:205 - Request is to process authentication 
Warning: StandardWrapperValve[com.security.AppConfig]: Servlet.service() for servlet com.security.AppConfig threw exception 
java.lang.NullPointerException 
.... 
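
Added example, not part of the original post: AngularJS `$http.post` with an object argument sends the credentials as an `application/json` body, which the servlet `getParameter()` call does not parse, so a login filter for this client has to read the body itself and treat missing or malformed input as an authentication failure. The filter below assumes Jackson and the `javax.servlet` API on the classpath; `JsonLoginFilter` is a hypothetical name, and the post's `successfulAuthentication` override is omitted.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// Added example: JsonLoginFilter is a hypothetical name, not a class from the post.
public class JsonLoginFilter extends AbstractAuthenticationProcessingFilter {

    private static final ObjectMapper MAPPER = new ObjectMapper();
    public JsonLoginFilter(String urlMapping, AuthenticationManager authManager) {
        super(new AntPathRequestMatcher(urlMapping, "POST")); // only POST is a login attempt
        setAuthenticationManager(authManager);
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // A JSON body is not exposed through getParameter(), so parse the stream instead.
        String contentType = request.getContentType();
        if (contentType == null
                || !contentType.toLowerCase(java.util.Locale.ROOT).startsWith("application/json")) {
            throw new AuthenticationServiceException("Login requires an application/json body");
        }
        JsonNode body;
        try {
            body = MAPPER.readTree(request.getInputStream());
        } catch (JsonProcessingException e) {
            // Malformed JSON becomes an authentication failure, not an unhandled exception.
            throw new BadCredentialsException("Malformed login request", e);
        }
        // readTree may yield null or a non-object node; get() then returns null.
        JsonNode username = (body == null) ? null : body.get("username");
        JsonNode password = (body == null) ? null : body.get("password");
        if (username == null || password == null || !username.isTextual() || !password.isTextual()) {
            throw new BadCredentialsException("username and password are required");
        }
        return getAuthenticationManager().authenticate(
                new UsernamePasswordAuthenticationToken(username.asText(), password.asText()));
    }
}
```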
