Java 弹簧靴&x2B；安全+；JWT可以'；不生成令牌_Java_Spring Boot_Spring Security_Jwt

Java 弹簧靴&x2B；安全+；JWT可以'；不生成令牌

java spring-boot spring-security jwt

Java 弹簧靴&x2B；安全+；JWT可以'；不生成令牌,java,spring-boot,spring-security,jwt,Java,Spring Boot,Spring Security,Jwt,我用JWT配置了spring引导和安全性，一切都在一段时间内发挥了神奇的作用这是我的网站安全配置 httpSecurity .csrf().disable() .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() .sessionManagement().sessionCreationPolicy(SessionCreationPo

我用JWT配置了spring引导和安全性，一切都在一段时间内发挥了神奇的作用

这是我的网站安全配置

httpSecurity
            .csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            .antMatchers(HttpMethod.POST, "/user/cadastrar/**").permitAll()
            .antMatchers(HttpMethod.POST, "/auth/**").permitAll()
            .anyRequest().authenticated();
    httpSecurity
            .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    httpSecurity.headers().cacheControl();

第一条路线“/用户/地籍”运行良好

问题是我的第二条路线“/auth” 在主体上使用用户名和密码调用/auth，它将在我的JwtAuthenticationTokenFilter类中的此函数上着陆

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    String authToken = request.getHeader(this.tokenHeader);
    String username = jwtTokenUtil.getUsernameFromToken(authToken);
    logger.info("checking authentication for user " + username);
    if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
        if (jwtTokenUtil.validateToken(authToken, userDetails)) {
            UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
            logger.info("authenticated user " + username + ", setting security context");
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }
    }
    chain.doFilter(request, response);
}

然后它将转到我的AuthenticationController类并运行此函数

@RequestMapping(value = "${jwt.route.authentication.path}", method = RequestMethod.POST)
public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {

    // Perform the security
    final Authentication authentication = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                    authenticationRequest.getUsername(),
                    authenticationRequest.getPassword()
            )
    );
    SecurityContextHolder.getContext().setAuthentication(authentication);

    // Reload password post-security so we can generate token
    final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    final String token = jwtTokenUtil.generateToken(userDetails, device);

    // Return the token
    return ResponseEntity.ok(new JwtAuthenticationResponse(token));
}

当它试图返回对象“UserNamePasswordAuthenticationToken”时，它只是将断点发送到函数“doFilterInternal”的末尾，特别是在“chain.doFilter”调用之后的括号中。

问题解决了！显然，连续16小时编码会影响你的思维方式

上面的代码没有问题，出于某种原因，我将新创建的用户设置为默认禁用

// Perform the security
    final Authentication authentication = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                    authenticationRequest.getUsername(),
                    authenticationRequest.getPassword()
            )
    );