Java 带有JWT的Web和Http安全配置（忽略登录路径问题）_Java_Reactjs_Spring_Spring Security_Jwt

Java 带有JWT的Web和Http安全配置（忽略登录路径问题）

java reactjs spring spring-security jwt

Java 带有JWT的Web和Http安全配置（忽略登录路径问题）,java,reactjs,spring,spring-security,jwt,Java,Reactjs,Spring,Spring Security,Jwt,我正在使用JWT和react制作一个带有Spring security的应用程序。然而，它的行为却很奇怪。在我根据教程编写的配置文件中，它说我只需要忽略登录路径。它工作，我可以登录，但在我获得令牌后，配置咒骂我说我无法访问路径。。。我现在有代币了！如何修复它？我的配置文件： @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) public class WebSecurityCon

我正在使用JWT和react制作一个带有Spring security的应用程序。然而，它的行为却很奇怪。在我根据教程编写的配置文件中，它说我只需要忽略登录路径。它工作，我可以登录，但在我获得令牌后，配置咒骂我说我无法访问路径。。。我现在有代币了！如何修复它？我的配置文件：

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtUnAuthorizedResponseAuthenticationEntryPoint jwtUnAuthorizedResponseAuthenticationEntryPoint;

    @Autowired
    private UserDetailsService jwtInMemoryUserDetailsService;

    @Autowired
    private JwtTokenAuthorizationOncePerRequestFilter jwtAuthenticationTokenFilter;

    @Value("${jwt.get.token.uri}")
    private String authenticationPath;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .userDetailsService(jwtInMemoryUserDetailsService)
            .passwordEncoder(passwordEncoderBean());
    }

    @Bean
    public PasswordEncoder passwordEncoderBean() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .csrf().disable()
            .exceptionHandling().authenticationEntryPoint(jwtUnAuthorizedResponseAuthenticationEntryPoint).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
            .anyRequest().authenticated();

       httpSecurity
            .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);

        httpSecurity
            .headers()
            .frameOptions().sameOrigin()  //H2 Console Needs this setting
            .cacheControl(); //disable caching
    }

    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity
            .ignoring()
            .antMatchers(
                HttpMethod.POST,
                authenticationPath
            )
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .and()
            .ignoring()
            .antMatchers(
                HttpMethod.GET,
                "/map-runner/", "/map-runner/static/**", "/static/**", "/map-runner/login", "/", "/login"
            );
    }
}

及

@配置
公共类配置实现WebMVCConfiguer{
@凌驾
public void addResourceHandlers（ResourceHandlerRegistry注册表）{
ResourceResolver解析器=新的ReactResourceResolver（）；
registry.addResourceHandler（“/**”）
.resourceChain（真实）
.addResolver（解析器）；
}
公共类ReactResourceResolver实现ResourceResolver{
私有静态最终字符串REACT_DIR=“/static/”；
私有静态最终字符串REACT\u static\u DIR=“static”；
私有资源索引=新类路径资源（REACT_DIR+“index.html”）；
私有列表rootStaticFiles=Arrays.asList（“favicon.ico”，
“assetmanifest.json”、“manifest.json”、“service worker.js”）；
@凌驾
公共资源resolveResource（HttpServletRequest请求、字符串请求路径、，
List能否请您提供有关您点击的URL和错误的具体信息？我正在尝试访问hocalhost:8080/map runner/calculations这是成功登录后应显示的页面。我还有一个服务器端datatables get请求，该请求说我需要提供令牌（我为这些情况设置的自定义消息）未过期的JWT应该是每个后续请求的一部分。还要检查jwtFilter是否成功验证了这些请求上的令牌
@Configuration
public class Config implements WebMvcConfigurer {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        ResourceResolver resolver = new ReactResourceResolver();
        registry.addResourceHandler("/**")
                .resourceChain(true)
                .addResolver(resolver);
    }

    public class ReactResourceResolver implements ResourceResolver {
        private static final String REACT_DIR = "/static/";
        private static final String REACT_STATIC_DIR = "static";

        private Resource index = new ClassPathResource(REACT_DIR + "index.html");
        private List<String> rootStaticFiles = Arrays.asList("favicon.ico",
                "asset-manifest.json", "manifest.json", "service-worker.js");

        @Override
        public Resource resolveResource(HttpServletRequest request, String requestPath,
                                        List<? extends Resource> locations, ResourceResolverChain chain) {
            return resolve(requestPath, locations);
        }

        @Override
        public String resolveUrlPath(String resourcePath, List<? extends Resource> locations, ResourceResolverChain chain) {
            Resource resolvedResource = resolve(resourcePath, locations);
            if (resolvedResource == null) {
                return null;
            }
            try {
                return resolvedResource.getURL().toString();
            } catch (IOException e) {
                return resolvedResource.getFilename();
            }
        }

        private Resource resolve(String requestPath, List<? extends Resource> locations) {

            if (requestPath == null) return null;

            if (rootStaticFiles.contains(requestPath)
                    || requestPath.startsWith(REACT_STATIC_DIR)) {
                return new ClassPathResource(REACT_DIR + requestPath);
            } else
                return index;
        }

    }

}