Java 带有JWT的Web和Http安全配置(忽略登录路径问题)
我正在使用JWT和react制作一个带有Spring security的应用程序。然而,它的行为却很奇怪。在我根据教程编写的配置文件中,它说我只需要忽略登录路径。它工作,我可以登录,但在我获得令牌后,配置咒骂我说我无法访问路径。。。我现在有代币了!如何修复它?我的配置文件:Java 带有JWT的Web和Http安全配置(忽略登录路径问题),java,reactjs,spring,spring-security,jwt,Java,Reactjs,Spring,Spring Security,Jwt,我正在使用JWT和react制作一个带有Spring security的应用程序。然而,它的行为却很奇怪。在我根据教程编写的配置文件中,它说我只需要忽略登录路径。它工作,我可以登录,但在我获得令牌后,配置咒骂我说我无法访问路径。。。我现在有代币了!如何修复它?我的配置文件: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityCon
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtUnAuthorizedResponseAuthenticationEntryPoint jwtUnAuthorizedResponseAuthenticationEntryPoint;
@Autowired
private UserDetailsService jwtInMemoryUserDetailsService;
@Autowired
private JwtTokenAuthorizationOncePerRequestFilter jwtAuthenticationTokenFilter;
@Value("${jwt.get.token.uri}")
private String authenticationPath;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(jwtInMemoryUserDetailsService)
.passwordEncoder(passwordEncoderBean());
}
@Bean
public PasswordEncoder passwordEncoderBean() {
return new BCryptPasswordEncoder();
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
httpSecurity
.headers()
.frameOptions().sameOrigin() //H2 Console Needs this setting
.cacheControl(); //disable caching
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity
.ignoring()
.antMatchers(
HttpMethod.POST,
authenticationPath
)
.antMatchers(HttpMethod.OPTIONS, "/**")
.and()
.ignoring()
.antMatchers(
HttpMethod.GET,
"/map-runner/", "/map-runner/static/**", "/static/**", "/map-runner/login", "/", "/login"
);
}
}
及
@配置
公共类配置实现WebMVCConfiguer{
@凌驾
public void addResourceHandlers(ResourceHandlerRegistry注册表){
ResourceResolver解析器=新的ReactResourceResolver();
registry.addResourceHandler(“/**”)
.resourceChain(真实)
.addResolver(解析器);
}
公共类ReactResourceResolver实现ResourceResolver{
私有静态最终字符串REACT_DIR=“/static/”;
私有静态最终字符串REACT\u static\u DIR=“static”;
私有资源索引=新类路径资源(REACT_DIR+“index.html”);
私有列表rootStaticFiles=Arrays.asList(“favicon.ico”,
“assetmanifest.json”、“manifest.json”、“service worker.js”);
@凌驾
公共资源resolveResource(HttpServletRequest请求、字符串请求路径、,
List能否请您提供有关您点击的URL和错误的具体信息?我正在尝试访问hocalhost:8080/map runner/calculations这是成功登录后应显示的页面。我还有一个服务器端datatables get请求,该请求说我需要提供令牌(我为这些情况设置的自定义消息)未过期的JWT应该是每个后续请求的一部分。还要检查jwtFilter是否成功验证了这些请求上的令牌
@Configuration
public class Config implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
ResourceResolver resolver = new ReactResourceResolver();
registry.addResourceHandler("/**")
.resourceChain(true)
.addResolver(resolver);
}
public class ReactResourceResolver implements ResourceResolver {
private static final String REACT_DIR = "/static/";
private static final String REACT_STATIC_DIR = "static";
private Resource index = new ClassPathResource(REACT_DIR + "index.html");
private List<String> rootStaticFiles = Arrays.asList("favicon.ico",
"asset-manifest.json", "manifest.json", "service-worker.js");
@Override
public Resource resolveResource(HttpServletRequest request, String requestPath,
List<? extends Resource> locations, ResourceResolverChain chain) {
return resolve(requestPath, locations);
}
@Override
public String resolveUrlPath(String resourcePath, List<? extends Resource> locations, ResourceResolverChain chain) {
Resource resolvedResource = resolve(resourcePath, locations);
if (resolvedResource == null) {
return null;
}
try {
return resolvedResource.getURL().toString();
} catch (IOException e) {
return resolvedResource.getFilename();
}
}
private Resource resolve(String requestPath, List<? extends Resource> locations) {
if (requestPath == null) return null;
if (rootStaticFiles.contains(requestPath)
|| requestPath.startsWith(REACT_STATIC_DIR)) {
return new ClassPathResource(REACT_DIR + requestPath);
} else
return index;
}
}
}