Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/390.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 授权一次后不需要令牌_Java_Spring Boot_Spring Security_Jwt_Jjwt - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 授权一次后不需要令牌

Java 授权一次后不需要令牌

java spring-boot spring-security jwt

Java 授权一次后不需要令牌,java,spring-boot,spring-security,jwt,jjwt,Java,Spring Boot,Spring Security,Jwt,Jjwt,我正在尝试使用JWT令牌实现基于令牌的身份验证。我正在使用JJWT库来实现这一点 这是我的安全配置 @Override protected void configure(HttpSecurity http) throws Exception { //http.csrf().disable(); String[] patterns = new String[] { "/login", "/bower_components/**/*",

我正在尝试使用JWT令牌实现基于令牌的身份验证。我正在使用JJWT库来实现这一点

这是我的安全配置

@Override
protected void configure(HttpSecurity http) throws Exception {
    //http.csrf().disable();

    String[] patterns = new String[] {
        "/login",
        "/bower_components/**/*",
        "/app/**/*",
        "/index.html",
        "/home.html",
        "/signin.html"
    };
    http.authorizeRequests()
            .antMatchers(patterns)
            .permitAll()
            .antMatchers("/**/*").hasAuthority("ROLE_USER")
            .antMatchers("/*").hasAuthority("ROLE_USER")
            .and()
            .addFilterBefore(jwtAuthFilter, CsrfFilter.class)
            .exceptionHandling()
            .authenticationEntryPoint(jwtAuthEndPoint)
            ;
}
我用的是springboot。 我通过以下方式调用此api来生成令牌

   curl -v -X POST "http://localhost:8080/login" -d '{"username":"greenrabbit948", "password":"celeste"}' --header "Content-Type: application/json"   | jq .
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> POST /login HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 51
>
} [51 bytes data]
* upload completely sent off: 51 out of 51 bytes
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJqd3QtZGVtbyIsImV4cCI6MTQ2Nzc2Njk3MSwiaXNzIjoiaW4uc2RxYWxpLmp3dCJ9.eu_OuBIkc4BfcTsTu4t_6TCwyLkH4HcuQzvWIMzNQYdxXiWA77SfvwCe4mdc7C17mXdtBAsvFGDj7A9fzI0M1w
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Wed, 06 Jul 2016 06:02:51 GMT
{ [164 bytes data]
100   211    0   160  100    51  15071   4804 --:--:-- --:--:-- --:--:-- 16000
* Connection #0 to host localhost left intact
{
  "username": "greenrabbit948",
  "name": {
    "title": "miss",
    "first": "dionaura",
    "last": "rodrigues"
  },
  "thumbnail": "https://randomuser.me/api/portraits/thumb/women/78.jpg"
}
现在,每当我调用我以前在没有令牌的情况下再次调用的相同API时,就会显示数据。我怎样才能阻止这种事情发生?如何强制令牌,以便仅当令牌存在时才显示数据?
这是在我使用POSTMAN调用API时发生的。

您可以编写获取令牌的函数gettoken()。如果令牌可用,则返回true,否则返回false。希望您能得到答案。

为了实现这一点,您需要实现类似OAuth2的授权框架,并添加以下注释

  @PreAuthorize("#oauth2.hasScope('read') and #oauth2.hasScope('read')")
这将确保只有在传递有效令牌时,客户端才能访问服务

显示jwtAuthFilter和jwtAuthEndPoint的实现 
  @PreAuthorize("#oauth2.hasScope('read') and #oauth2.hasScope('read')")