Spring boot JWT Auth 详细信息为空

Posted 2023-03-10

【中文标题】Spring boot JWT Auth 详细信息为空

【英文标题】：Spring boot JWT Auth details are null

【发布时间】：2020-05-09 21:34:48

【问题描述】：

我使用 Jhipster 创建了 Spring Boot 应用程序。我想创建将捕获失败的身份验证的侦听器。

@Component
public class AuthenticationFailureListener
implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> 

@Autowired
private LoginAttemptService loginAttemptService;

public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent e) 
    WebAuthenticationDetails auth = (WebAuthenticationDetails) e.getAuthentication().getDetails();
    if(auth!=null) 
        loginAttemptService.loginFailed(auth.getRemoteAddress());
    

我正在使用 JWT。当我调试此方法时，我可以看到电子邮件和密码，但详细信息为空。所以 auth 对象是空的，所以我看不到哪个 IP 用户试图登录。为了在此处获取详细信息，我应该进行哪些更改？

【参考方案1】：

我使用了类似的方法，但注入了 HttpRequest

@Component
public class AuthenticationFailureEventListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> 
    private final Logger log = LoggerFactory.getLogger(AuthenticationFailureEventListener.class);
    private final HttpServletRequest request;

    private final LoginAttemptService loginAttemptService;

    public AuthenticationFailureEventListener(HttpServletRequest request, LoginAttemptService loginAttemptService) 
        this.request = request;
        this.loginAttemptService = loginAttemptService;
    

    @Override
    public void onApplicationEvent(final AuthenticationFailureBadCredentialsEvent e) 
        log.debug("Failed login try from ", request.getRemoteAddr());
        final String xfHeader = request.getHeader("X-Forwarded-For");
        if (xfHeader == null) 
            loginAttemptService.loginFailed(request.getRemoteAddr());
         else 
            loginAttemptService.loginFailed(xfHeader.split(",")[0]);
        
    

这真的很好用。