Java JWT跳过登录页面的URL
我想跳过/preLogin请求的JWT令牌身份验证 我已经在JwtSecurityConfig文件中尝试过了,但没有成功Java JWT跳过登录页面的URL,java,spring-boot,jwt,Java,Spring Boot,Jwt,我想跳过/preLogin请求的JWT令牌身份验证 我已经在JwtSecurityConfig文件中尝试过了,但没有成功 @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/api/preLogin"); } 在我的服务器应用程序中,我编写了以下方法来实现它: //JwtAuthenticationTokenFilter.java import
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/api/preLogin");
}
在我的服务器应用程序中,我编写了以下方法来实现它:
//JwtAuthenticationTokenFilter.java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
public class JwtAuthenticationTokenFilter extends AbstractAuthenticationProcessingFilter {
public JwtAuthenticationTokenFilter() {
super("/api/**");
}
@Override
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
String header = httpServletRequest.getHeader("Authorisation");
if (header == null || !header.startsWith("Token ")) {
throw new RuntimeException("JWT Token is missing");
}
String authenticationToken = header.substring(6);
JwtAuthenticationToken token = new JwtAuthenticationToken(authenticationToken);
return getAuthenticationManager().authenticate(token);
}
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
super.successfulAuthentication(request, response, chain, authResult);
chain.doFilter(request, response);
}
}
//JwtSecurityConfig.java
import java.util.Collections;
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Configuration
public class JwtSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationProvider authenticationProvider;
@Autowired
private JwtAuthenticationEntryPoint entryPoint;
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Collections.singletonList(authenticationProvider));
}
@Bean
public JwtAuthenticationTokenFilter authenticationTokenFilter() {
JwtAuthenticationTokenFilter filter = new JwtAuthenticationTokenFilter();
filter.setAuthenticationManager(authenticationManager());
filter.setAuthenticationSuccessHandler(new JwtSuccessHandler());
return filter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().authorizeRequests( ).antMatchers( "/api/preLogin" ).permitAll();
http.authorizeRequests().antMatchers("**/api/**").authenticated()
.and()
.exceptionHandling().authenticationEntryPoint(entryPoint)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(authenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
http.headers().cacheControl();
}
}
但对于“/api/preLogin”请求,它也表示“缺少JWT令牌”
感谢您提供的任何帮助。要从身份验证中跳过一些URL,请使用第二个安全配置程序:
@Configuration
@EnableWebSecurity
@Order(1)
public class SecondSecurityConfigurer extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/preLogin")
.antMatcher("/api/otherEndpoint")
.authorizeRequests()
.anyRequest().permitAll()
.and()
.csrf().disable();
}
}
请检查以下url。如果您仍然不理解,那么我可以解释。我在上面的代码中寻找跳过URL的更改。很抱歉,它不起作用,应用程序中没有声明上下文路径。我没有使用spring security进行登录,我只想从JWT标记化中跳过几个URL。在这种情况下,如果(header==null | |!header.startsWith(“Token”){抛出新的RuntimeException(“JWT Token丢失”);}