Spring Security+jwt开发调试记录

首先需要在工程的websecurityconfig文件中添加这样一个注解

由于问题出在密码正确却无法登录，因此从认证方面找原因，选择在attemptAuthentication函数中设置断点
可以看到拦截器顺利的获取到了来自于前端的信息，这至少证明，来自于前端的信息是没有问题的，接着往下走。
在这一行stepinto

这句话的意思是获取当前的一个authenticationManager变量并调用其中的authenticate()函数，查看一下authenticationManager变量的具体数据

再看一下authenticate()函数的具体实现

进去之后才发现是一个接口，查看一下他的具体实现，

这里我们要看的是security目录下的内容，进入ProviderManager查看实现

public Authentication authenticate(Authentication authentication) 
			throws AuthenticationException {
    
		Class<? extends Authentication> toTest = authentication.getClass(); 
		AuthenticationException lastException = null; 
		AuthenticationException parentException = null; 
		Authentication result = null; 
		Authentication parentResult = null; 
		boolean debug = logger.isDebugEnabled(); 
 
		for (AuthenticationProvider provider : getProviders()) {
    
			if (!provider.supports(toTest)) {
    
				continue; 
			} 
 
			if (debug) {
    
				logger.debug("Authentication attempt using " 
						+ provider.getClass().getName()); 
			} 
 
			try {
    
				result = provider.authenticate(authentication); 
 
				if (result != null) {
    
					copyDetails(authentication, result); 
					break; 
				} 
			} 
			catch (AccountStatusException | InternalAuthenticationServiceException e) {
    
				prepareException(e, authentication); 
				// SEC-546: Avoid polling additional providers if auth failure is due to 
				// invalid account status 
				throw e; 
			} catch (AuthenticationException e) {
    
				lastException = e; 
			} 
		} 
 
		if (result == null && parent != null) {
    
			// Allow the parent to try. 
			try {
    
				result = parentResult = parent.authenticate(authentication); 
			} 
			catch (ProviderNotFoundException e) {
    
				// ignore as we will throw below if no other exception occurred prior to 
				// calling parent and the parent 
				// may throw ProviderNotFound even though a provider in the child already 
				// handled the request 
			} 
			catch (AuthenticationException e) {
    
				lastException = parentException = e; 
			} 
		} 
 
		if (result != null) {
    
			if (eraseCredentialsAfterAuthentication 
					&& (result instanceof CredentialsContainer)) {
    
				// Authentication is complete. Remove credentials and other secret data 
				// from authentication 
				((CredentialsContainer) result).eraseCredentials(); 
			} 
 
			// If the parent AuthenticationManager was attempted and successful than it will publish an AuthenticationSuccessEvent 
			// This check prevents a duplicate AuthenticationSuccessEvent if the parent AuthenticationManager already published it 
			if (parentResult == null) {
    
				eventPublisher.publishAuthenticationSuccess(result); 
			} 
			return result; 
		} 
 
		// Parent was null, or didn't authenticate (or throw an exception). 
 
		if (lastException == null) {
    
			lastException = new ProviderNotFoundException(messages.getMessage( 
					"ProviderManager.providerNotFound", 
					new Object[] {
    toTest.getName() }, 
					"No AuthenticationProvider found for {0}")); 
		} 
 
		// If the parent AuthenticationManager was attempted and failed than it will publish an AbstractAuthenticationFailureEvent 
		// This check prevents a duplicate AbstractAuthenticationFailureEvent if the parent AuthenticationManager already published it 
		if (parentException == null) {
    
			prepareException(lastException, authentication); 
		} 
 
		throw lastException; 
	} 

从源码中我们可以看到providers是非常重要的一个成员变量，这个函数通过遍历列表里的一个个provider，判断它是否支持参数authentication的认证，这里我们就可以回去看一下authenticationManager变量的的providers究竟有哪些，

里面只有一项内容查阅该类的相关资料，可知这个类并不指出usernamepassword形式的authentication
难道是这里出错了？
阅读完代码后继续运行

这一步在意料之中，接着往下运行

原来除了判断自身的provider之外还需要调用parent元素中的authenticate()函数，查看parent里面的provider

可以看到parent里面的provider是可以支持认证的
接着运行可以看到调用了provider的authenticate()函数


继续stepinto查看user是如何获得的。

看到了获取Userdetail的函数loadUserByUsername

就是在这里出了问题，本来这个函数应该调用我自己书写的UserDetailsServiceImp结果却去到了另一个实现类，我判断是因为我的UserDetailsServiceImp没有被识别于是会去检查了一下代码，[email protected]
加上去之后问题解决