Java 弹簧靴&x2B;安全+;JWT可以';不生成令牌
我用JWT配置了spring引导和安全性,一切都在一段时间内发挥了神奇的作用 这是我的网站安全配置Java 弹簧靴&x2B;安全+;JWT可以';不生成令牌,java,spring-boot,spring-security,jwt,Java,Spring Boot,Spring Security,Jwt,我用JWT配置了spring引导和安全性,一切都在一段时间内发挥了神奇的作用 这是我的网站安全配置 httpSecurity .csrf().disable() .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and() .sessionManagement().sessionCreationPolicy(SessionCreationPo
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/user/cadastrar/**").permitAll()
.antMatchers(HttpMethod.POST, "/auth/**").permitAll()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
httpSecurity.headers().cacheControl();
第一条路线“/用户/地籍”运行良好
问题是我的第二条路线“/auth”
在主体上使用用户名和密码调用/auth,它将在我的JwtAuthenticationTokenFilter类中的此函数上着陆
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
String authToken = request.getHeader(this.tokenHeader);
String username = jwtTokenUtil.getUsernameFromToken(authToken);
logger.info("checking authentication for user " + username);
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
if (jwtTokenUtil.validateToken(authToken, userDetails)) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
logger.info("authenticated user " + username + ", setting security context");
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
chain.doFilter(request, response);
}
然后它将转到我的AuthenticationController类并运行此函数
@RequestMapping(value = "${jwt.route.authentication.path}", method = RequestMethod.POST)
public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {
// Perform the security
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
authenticationRequest.getUsername(),
authenticationRequest.getPassword()
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
// Reload password post-security so we can generate token
final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
final String token = jwtTokenUtil.generateToken(userDetails, device);
// Return the token
return ResponseEntity.ok(new JwtAuthenticationResponse(token));
}
当它试图返回对象“UserNamePasswordAuthenticationToken”时,它只是将断点发送到函数“doFilterInternal”的末尾,特别是在“chain.doFilter”调用之后的括号中。问题解决了!显然,连续16小时编码会影响你的思维方式 上面的代码没有问题,出于某种原因,我将新创建的用户设置为默认禁用
// Perform the security
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
authenticationRequest.getUsername(),
authenticationRequest.getPassword()
)
);