Spring boot JWT Auth 详细信息为空

Question

我使用 Jhipster 创建了 Spring Boot 应用程序。我想创建将捕获失败的身份验证的侦听器。

@Component
public class AuthenticationFailureListener
implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {

@Autowired
private LoginAttemptService loginAttemptService;

public void onApplicationEvent(AuthenticationFailureBadCredentialsEvent e) {
    WebAuthenticationDetails auth = (WebAuthenticationDetails) e.getAuthentication().getDetails();
    if(auth!=null) {
        loginAttemptService.loginFailed(auth.getRemoteAddress());
    }
}
}

我正在使用 JWT。当我调试此方法时，我可以看到电子邮件和密码，但详细信息为空。所以 auth 对象是空的，所以我看不到哪个 IP 用户试图登录。为了在此处获取详细信息，我应该进行哪些更改？

Answer 1

我使用了类似的方法，但注入了 HttpRequest

@Component
public class AuthenticationFailureEventListener implements ApplicationListener<AuthenticationFailureBadCredentialsEvent> {
    private final Logger log = LoggerFactory.getLogger(AuthenticationFailureEventListener.class);
    private final HttpServletRequest request;

    private final LoginAttemptService loginAttemptService;

    public AuthenticationFailureEventListener(HttpServletRequest request, LoginAttemptService loginAttemptService) {
        this.request = request;
        this.loginAttemptService = loginAttemptService;
    }

    @Override
    public void onApplicationEvent(final AuthenticationFailureBadCredentialsEvent e) {
        log.debug("Failed login try from {}", request.getRemoteAddr());
        final String xfHeader = request.getHeader("X-Forwarded-For");
        if (xfHeader == null) {
            loginAttemptService.loginFailed(request.getRemoteAddr());
        } else {
            loginAttemptService.loginFailed(xfHeader.split(",")[0]);
        }
    }

}

这真的很好用。