Java 如何使用在tiers microservice中生成的令牌返回HttpResponse
起来! 编辑: 也许我的问题还不够清楚:我在API web控制器的控制器中的HttpResponse似乎不包含我在MS身份验证中放入的cookie或Jwt令牌。我认为问题可能在于我在代理接口中声明的方法。我需要什么样的回报来更新我的回复 我有一个微服务“身份验证”,一个带Zuul的网关和一个Api web 我使用spring引导安全性实现jwt令牌安全性 当我的用户尝试从api web登录时,用户名和密码被发送到MS Authentication(Zuul被配置为允许任何人调用此MS),在验证用户是否在数据库中后,它生成一个令牌 我的问题是,我无法返回包含令牌的响应(或者cookie,我尝试将令牌放入cookie并在响应中添加cookie) 这是我第一个使用spring boot和micro服务的项目 当我不使用Api并使用postmann进行测试时,令牌将返回响应 这是我的密码: Api web中的LoginControllerJava 如何使用在tiers microservice中生成的令牌返回HttpResponse,java,rest,spring-security,jwt,microservices,Java,Rest,Spring Security,Jwt,Microservices,起来! 编辑: 也许我的问题还不够清楚:我在API web控制器的控制器中的HttpResponse似乎不包含我在MS身份验证中放入的cookie或Jwt令牌。我认为问题可能在于我在代理接口中声明的方法。我需要什么样的回报来更新我的回复 我有一个微服务“身份验证”,一个带Zuul的网关和一个Api web 我使用spring引导安全性实现jwt令牌安全性 当我的用户尝试从api web登录时,用户名和密码被发送到MS Authentication(Zuul被配置为允许任何人调用此MS),在验证用
/**
 * MVC entry point of the API web application for the login screen.
 *
 * <p>NOTE(review): the field type is {@code BookProxy} while the Feign interface shown next to this
 * class is named {@code Proxy}; presumably the same client under two names — confirm.
 */
@Controller
public class LoginController {

    /** Feign client that forwards the credentials to the authentication service via the gateway. */
    private final BookProxy bookProxy;

    /**
     * @param bookProxy client used to reach the authentication service
     */
    @Autowired
    public LoginController(BookProxy bookProxy) {
        this.bookProxy = bookProxy;
    }

    /**
     * Renders the login form with an empty {@code user} backing bean.
     *
     * @param model view model to populate
     * @return the {@code login} view name
     */
    @GetMapping("/login")
    public String loginForm(Model model) {
        final UserBean blank = new UserBean();
        model.addAttribute("user", blank);
        return "login";
    }

    /**
     * Sends the form credentials to the authentication service and shows the home view.
     *
     * <p>NOTE(review): {@code authenticateClient} is declared {@code void}, so anything the
     * authentication service puts on its response (the JWT header and cookie written by its login
     * filter) is dropped here and is never copied onto this controller's own response. The view is
     * returned unconditionally; a rejected login surfaces only as the exception the client throws.
     *
     * @param user form-bound credentials
     * @return the {@code Home} view name
     */
    @PostMapping("/login")
    public String doLogin(@ModelAttribute UserBean user) {
        bookProxy.authenticateClient(user);
        return "Home";
    }
}
/**
 * Feign client that reaches the authentication service through the Zuul gateway.
 *
 * <p>NOTE(review): the gateway address is hard-coded to {@code localhost:8762}; presumably meant to
 * come from configuration outside local development — confirm.
 */
@FeignClient(name = "zuul-server", url = "localhost:8762")
public interface Proxy {
    /* Login */
    /**
     * Posts the credentials as JSON to {@code /auth/login} on the gateway.
     *
     * <p>NOTE(review): the {@code void} return type discards the response, so the JWT that the
     * authentication service writes into the {@code JwtConfig.HEADER} header (and the cookie of the
     * same name) never reaches the caller. Declaring the method as
     * {@code ResponseEntity<Void> authenticateClient(@RequestBody UserBean user)} exposes the response
     * headers, which the caller can then copy onto its own {@code HttpServletResponse}.
     *
     * @param user credentials sent as the request body
     */
    @PostMapping("/auth/login")
    void authenticateClient(@RequestBody UserBean user);
}
Api-web中的代理
/**
 * MVC entry point of the API web application for the login screen.
 *
 * <p>NOTE(review): the field type is {@code BookProxy} while the Feign interface shown next to this
 * class is named {@code Proxy}; presumably the same client under two names — confirm.
 */
@Controller
public class LoginController {

    /** Feign client that forwards the credentials to the authentication service via the gateway. */
    private final BookProxy bookProxy;

    /**
     * @param bookProxy client used to reach the authentication service
     */
    @Autowired
    public LoginController(BookProxy bookProxy) {
        this.bookProxy = bookProxy;
    }

    /**
     * Renders the login form with an empty {@code user} backing bean.
     *
     * @param model view model to populate
     * @return the {@code login} view name
     */
    @GetMapping("/login")
    public String loginForm(Model model) {
        final UserBean blank = new UserBean();
        model.addAttribute("user", blank);
        return "login";
    }

    /**
     * Sends the form credentials to the authentication service and shows the home view.
     *
     * <p>NOTE(review): {@code authenticateClient} is declared {@code void}, so anything the
     * authentication service puts on its response (the JWT header and cookie written by its login
     * filter) is dropped here and is never copied onto this controller's own response. The view is
     * returned unconditionally; a rejected login surfaces only as the exception the client throws.
     *
     * @param user form-bound credentials
     * @return the {@code Home} view name
     */
    @PostMapping("/login")
    public String doLogin(@ModelAttribute UserBean user) {
        bookProxy.authenticateClient(user);
        return "Home";
    }
}
/**
 * Feign client that reaches the authentication service through the Zuul gateway.
 *
 * <p>NOTE(review): the gateway address is hard-coded to {@code localhost:8762}; presumably meant to
 * come from configuration outside local development — confirm.
 */
@FeignClient(name = "zuul-server", url = "localhost:8762")
public interface Proxy {
    /* Login */
    /**
     * Posts the credentials as JSON to {@code /auth/login} on the gateway.
     *
     * <p>NOTE(review): the {@code void} return type discards the response, so the JWT that the
     * authentication service writes into the {@code JwtConfig.HEADER} header (and the cookie of the
     * same name) never reaches the caller. Declaring the method as
     * {@code ResponseEntity<Void> authenticateClient(@RequestBody UserBean user)} exposes the response
     * headers, which the caller can then copy onto its own {@code HttpServletResponse}.
     *
     * @param user credentials sent as the request body
     */
    @PostMapping("/auth/login")
    void authenticateClient(@RequestBody UserBean user);
}
Zuul网关中的SecurityConfig
/**
 * Security rules of the Zuul gateway: no HTTP session, every request is checked by
 * {@link JwtTokenAuthenticationFilter} for a JWT, and only {@code /auth/**} is open to everyone.
 */
@EnableWebSecurity
public class SecurityTokenConfig extends WebSecurityConfigurerAdapter {

    // Role names; hasAnyRole() prefixes them with "ROLE_" when matching authorities.
    private static final String ADMIN = "ADMIN";
    private static final String EMPLOYEE = "EMPLOYEE";
    private static final String CLIENT = "CLIENT"; // declared but not referenced in this class

    /**
     * Registers the JWT filter and the per-path authorization rules.
     *
     * <p>CSRF protection is switched off on the assumption that clients authenticate with a bearer
     * token rather than a session. NOTE(review): the authentication service also issues the token as a
     * cookie; if {@code JwtTokenAuthenticationFilter} accepts that cookie, disabling CSRF re-exposes
     * browser clients to cross-site request forgery — confirm which carrier the filter reads.
     *
     * @param http builder for the gateway's filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilterAfter(new JwtTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        http.authorizeRequests()
                .antMatchers("/auth/**").permitAll()
                .antMatchers("/book/**").hasAnyRole(ADMIN, EMPLOYEE)
                .anyRequest().authenticated();
    }
}
MS身份验证中的SecurityConfig
/**
 * Security rules of the authentication service: stateless, credential login handled by
 * {@link JwtUsernameAndPasswordAuthenticationFilter}, users resolved through
 * {@link UserPrincipalDetailsService} and verified against BCrypt hashes.
 */
@EnableWebSecurity
public class SecurityCredentialsConfig extends WebSecurityConfigurerAdapter {

    // Role names; hasAnyRole() prefixes them with "ROLE_" when matching authorities.
    private static final String ADMIN = "ADMIN";
    private static final String EMPLOYEE = "EMPLOYEE";
    private static final String CLIENT = "CLIENT"; // declared but not referenced in this class

    private final UserPrincipalDetailsService userPrincipalDetailsService;

    /**
     * @param userPrincipalDetailsService source of user records for the DAO authentication provider
     */
    @Autowired
    public SecurityCredentialsConfig(UserPrincipalDetailsService userPrincipalDetailsService) {
        this.userPrincipalDetailsService = userPrincipalDetailsService;
    }

    /**
     * Makes the provider from {@link #authenticationProvider()} the only authentication source.
     *
     * @param auth builder for the authentication manager
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Installs the login filter and the per-path authorization rules.
     *
     * <p>NOTE(review): the open path is spelled {@code /auth/Login} (capital L) while the Feign client
     * on the API side posts to {@code /auth/login}; Spring's ant matching is case-sensitive by default.
     * The login POST is actually intercepted by the filter's own matcher ({@code JwtConfig.URI}), so
     * confirm which spelling that constant uses. The two {@code /book/**} rules grant the same roles,
     * so the {@code /book/consult/**} line adds nothing.
     *
     * @param http builder for the service's filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilter(new JwtUsernameAndPasswordAuthenticationFilter(authenticationManager()));
        http.authorizeRequests()
                .antMatchers(HttpMethod.POST, "/auth/Login").permitAll()
                .antMatchers("/book/consult/**").hasAnyRole(ADMIN, EMPLOYEE)
                .antMatchers("/book/**").hasAnyRole(ADMIN, EMPLOYEE)
                .anyRequest().authenticated();
    }

    /** BCrypt encoder used to verify submitted passwords against the stored hashes. */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Authenticates against the user store with {@link #passwordEncoder()}. */
    @Bean
    DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userPrincipalDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }
}
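/**
 * Handles the login POST of the authentication service and, on success, answers with a signed JWT
 * instead of creating a session.
 *
 * <p>The request body is JSON mapped to {@link LoginViewModel}. The token is returned twice: as the
 * {@code JwtConfig.HEADER} response header (prefixed with {@code JwtConfig.PREFIX}) and as a cookie
 * of the same name.
 */
public class JwtUsernameAndPasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private static final Logger log = LoggerFactory.getLogger(JwtUsernameAndPasswordAuthenticationFilter.class);

    // One mapper for the filter instead of one per login attempt; ObjectMapper is thread-safe once built.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // We use auth manager to validate the user credentials
    private final AuthenticationManager authManager;

    /**
     * @param authManager manager that validates the submitted credentials
     */
    JwtUsernameAndPasswordAuthenticationFilter(AuthenticationManager authManager) {
        this.authManager = authManager;
        // By default, UsernamePasswordAuthenticationFilter listens to "/login" path.
        // I use "/auth" path so i need to override the defaults.
        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(JwtConfig.URI, "POST"));
    }

    /**
     * Reads the JSON credentials from the request body and hands them to the authentication manager.
     *
     * <p>A missing or unreadable body is not dereferenced: it is submitted as empty credentials, which
     * the provider rejects with an {@link AuthenticationException}, so the configured failure handler
     * answers instead of a {@code NullPointerException} surfacing as a server error.
     *
     * @param request  login request carrying a {@link LoginViewModel} JSON body
     * @param response not used here
     * @return the authenticated user as returned by the manager
     * @throws AuthenticationException when the credentials are rejected
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        LoginViewModel credentials = readCredentials(request);
        Object username = credentials == null ? null : credentials.getUsername();
        Object password = credentials == null ? null : credentials.getPassword();
        // Two-argument constructor: the request token must start out as *not* authenticated.
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(username, password);
        return authManager.authenticate(authenticationToken);
    }

    /** Parses the JSON body; returns {@code null} (after logging) when it cannot be read. */
    private static LoginViewModel readCredentials(HttpServletRequest request) {
        try {
            return MAPPER.readValue(request.getInputStream(), LoginViewModel.class);
        } catch (IOException e) {
            log.error("Could not read login request body", e);
            return null;
        }
    }

    // Upon successful authentication, generate a token.
    // The 'auth' passed to successfulAuthentication() is the current authenticated user.
    /**
     * Issues the JWT for the authenticated principal and attaches it to the response as a header and
     * as a cookie. {@code super} is not called, so there is no success redirect and the filter chain
     * is not continued: the response carries the token and nothing else.
     *
     * @param request  the login request
     * @param response response that receives the header and the cookie
     * @param chain    remaining filter chain (not continued)
     * @param auth     the authenticated user; its principal is a {@link UserPrincipal}
     * @throws IOException      declared by the superclass
     * @throws ServletException declared by the superclass
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
            Authentication auth) throws IOException, ServletException {
        UserPrincipal principal = (UserPrincipal) auth.getPrincipal();
        // JwtConfig.EXPIRATION is added to currentTimeMillis(), i.e. it is a lifetime in milliseconds.
        long expiresAtMillis = System.currentTimeMillis() + JwtConfig.EXPIRATION;
        String token = JWT.create()
                //.withHeader(headerClaims)
                .withClaim("role", "ROLE_" + principal.getRole())
                .withSubject(principal.getUsername())
                .withExpiresAt(new Date(expiresAtMillis))
                // Explicit charset: getBytes() without one uses the platform default, so the same
                // SECRET could yield a different key on another host and the gateway would reject the token.
                .sign(HMAC512(JwtConfig.SECRET.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

        Cookie cookie = new Cookie(JwtConfig.HEADER, token);
        // Plain HTTP is tolerated for local development only; the cookie must be Secure as soon as the
        // service is reachable over anything but localhost.
        cookie.setSecure(false);
        cookie.setHttpOnly(true);
        // The cookie lives exactly as long as the token it carries instead of a fixed, unrelated duration.
        cookie.setMaxAge((int) (JwtConfig.EXPIRATION / 1000L));
        cookie.setDomain("localhost");
        cookie.setPath("/");

        // Add token and cookie in response (try both)
        response.addHeader(JwtConfig.HEADER, JwtConfig.PREFIX + token);
        response.addCookie(cookie);
    }
}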
对用户进行身份验证的筛选器在MS身份验证中生成令牌
/**
 * Security rules of the authentication service: stateless, credential login handled by
 * {@link JwtUsernameAndPasswordAuthenticationFilter}, users resolved through
 * {@link UserPrincipalDetailsService} and verified against BCrypt hashes.
 */
@EnableWebSecurity
public class SecurityCredentialsConfig extends WebSecurityConfigurerAdapter {

    // Role names; hasAnyRole() prefixes them with "ROLE_" when matching authorities.
    private static final String ADMIN = "ADMIN";
    private static final String EMPLOYEE = "EMPLOYEE";
    private static final String CLIENT = "CLIENT"; // declared but not referenced in this class

    private final UserPrincipalDetailsService userPrincipalDetailsService;

    /**
     * @param userPrincipalDetailsService source of user records for the DAO authentication provider
     */
    @Autowired
    public SecurityCredentialsConfig(UserPrincipalDetailsService userPrincipalDetailsService) {
        this.userPrincipalDetailsService = userPrincipalDetailsService;
    }

    /**
     * Makes the provider from {@link #authenticationProvider()} the only authentication source.
     *
     * @param auth builder for the authentication manager
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(authenticationProvider());
    }

    /**
     * Installs the login filter and the per-path authorization rules.
     *
     * <p>NOTE(review): the open path is spelled {@code /auth/Login} (capital L) while the Feign client
     * on the API side posts to {@code /auth/login}; Spring's ant matching is case-sensitive by default.
     * The login POST is actually intercepted by the filter's own matcher ({@code JwtConfig.URI}), so
     * confirm which spelling that constant uses. The two {@code /book/**} rules grant the same roles,
     * so the {@code /book/consult/**} line adds nothing.
     *
     * @param http builder for the service's filter chain
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.addFilter(new JwtUsernameAndPasswordAuthenticationFilter(authenticationManager()));
        http.authorizeRequests()
                .antMatchers(HttpMethod.POST, "/auth/Login").permitAll()
                .antMatchers("/book/consult/**").hasAnyRole(ADMIN, EMPLOYEE)
                .antMatchers("/book/**").hasAnyRole(ADMIN, EMPLOYEE)
                .anyRequest().authenticated();
    }

    /** BCrypt encoder used to verify submitted passwords against the stored hashes. */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Authenticates against the user store with {@link #passwordEncoder()}. */
    @Bean
    DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(userPrincipalDetailsService);
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }
}
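/**
 * Handles the login POST of the authentication service and, on success, answers with a signed JWT
 * instead of creating a session.
 *
 * <p>The request body is JSON mapped to {@link LoginViewModel}. The token is returned twice: as the
 * {@code JwtConfig.HEADER} response header (prefixed with {@code JwtConfig.PREFIX}) and as a cookie
 * of the same name.
 */
public class JwtUsernameAndPasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private static final Logger log = LoggerFactory.getLogger(JwtUsernameAndPasswordAuthenticationFilter.class);

    // One mapper for the filter instead of one per login attempt; ObjectMapper is thread-safe once built.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // We use auth manager to validate the user credentials
    private final AuthenticationManager authManager;

    /**
     * @param authManager manager that validates the submitted credentials
     */
    JwtUsernameAndPasswordAuthenticationFilter(AuthenticationManager authManager) {
        this.authManager = authManager;
        // By default, UsernamePasswordAuthenticationFilter listens to "/login" path.
        // I use "/auth" path so i need to override the defaults.
        this.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(JwtConfig.URI, "POST"));
    }

    /**
     * Reads the JSON credentials from the request body and hands them to the authentication manager.
     *
     * <p>A missing or unreadable body is not dereferenced: it is submitted as empty credentials, which
     * the provider rejects with an {@link AuthenticationException}, so the configured failure handler
     * answers instead of a {@code NullPointerException} surfacing as a server error.
     *
     * @param request  login request carrying a {@link LoginViewModel} JSON body
     * @param response not used here
     * @return the authenticated user as returned by the manager
     * @throws AuthenticationException when the credentials are rejected
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        LoginViewModel credentials = readCredentials(request);
        Object username = credentials == null ? null : credentials.getUsername();
        Object password = credentials == null ? null : credentials.getPassword();
        // Two-argument constructor: the request token must start out as *not* authenticated.
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(username, password);
        return authManager.authenticate(authenticationToken);
    }

    /** Parses the JSON body; returns {@code null} (after logging) when it cannot be read. */
    private static LoginViewModel readCredentials(HttpServletRequest request) {
        try {
            return MAPPER.readValue(request.getInputStream(), LoginViewModel.class);
        } catch (IOException e) {
            log.error("Could not read login request body", e);
            return null;
        }
    }

    // Upon successful authentication, generate a token.
    // The 'auth' passed to successfulAuthentication() is the current authenticated user.
    /**
     * Issues the JWT for the authenticated principal and attaches it to the response as a header and
     * as a cookie. {@code super} is not called, so there is no success redirect and the filter chain
     * is not continued: the response carries the token and nothing else.
     *
     * @param request  the login request
     * @param response response that receives the header and the cookie
     * @param chain    remaining filter chain (not continued)
     * @param auth     the authenticated user; its principal is a {@link UserPrincipal}
     * @throws IOException      declared by the superclass
     * @throws ServletException declared by the superclass
     */
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
            Authentication auth) throws IOException, ServletException {
        UserPrincipal principal = (UserPrincipal) auth.getPrincipal();
        // JwtConfig.EXPIRATION is added to currentTimeMillis(), i.e. it is a lifetime in milliseconds.
        long expiresAtMillis = System.currentTimeMillis() + JwtConfig.EXPIRATION;
        String token = JWT.create()
                //.withHeader(headerClaims)
                .withClaim("role", "ROLE_" + principal.getRole())
                .withSubject(principal.getUsername())
                .withExpiresAt(new Date(expiresAtMillis))
                // Explicit charset: getBytes() without one uses the platform default, so the same
                // SECRET could yield a different key on another host and the gateway would reject the token.
                .sign(HMAC512(JwtConfig.SECRET.getBytes(java.nio.charset.StandardCharsets.UTF_8)));

        Cookie cookie = new Cookie(JwtConfig.HEADER, token);
        // Plain HTTP is tolerated for local development only; the cookie must be Secure as soon as the
        // service is reachable over anything but localhost.
        cookie.setSecure(false);
        cookie.setHttpOnly(true);
        // The cookie lives exactly as long as the token it carries instead of a fixed, unrelated duration.
        cookie.setMaxAge((int) (JwtConfig.EXPIRATION / 1000L));
        cookie.setDomain("localhost");
        cookie.setPath("/");

        // Add token and cookie in response (try both)
        response.addHeader(JwtConfig.HEADER, JwtConfig.PREFIX + token);
        response.addCookie(cookie);
    }
}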