0
我使用Spring安全认证登录,我在securityContext.xml配置Spring安全春季安全令牌JWT
<http auto-config="false" use-expressions="true">
<intercept-url pattern="/**" access="hasRole('ROLE_DEV-TEAM')" />
<intercept-url pattern="/customerMgt/customers/admin/**" access="hasRole('ROLE_ADD-COMPANY')" />
<form-login login-page="/login" default-target-url="/main" always-use-default-target="true" authentication-failure-url="/login?error=1"/>
<session-management />
<logout logout-success-url="/login"/>
<!--remember-me /--> <!-- AlexR: I did not have much luck with it in the past and IMO it presents security risk under strict DOD, etc. requirements -->
</http>
<beans:bean name="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<authentication-manager>
<ldap-authentication-provider
user-search-filter="(uid={0})"
user-search-base="ou=Users"
group-search-filter="(uniqueMember={0})"
group-search-base="ou=Groups"
group-role-attribute="cn"
role-prefix="ROLE_">
在LDAP将是数据库
更换而不是设置会话中的令牌和重定向客户端我想创建一个带令牌的自定义JWT并将其发送回客户端