Spring boot spring引导安全性未按预期工作
我有一个android客户端试图使用api rest服务 Spring安全配置:Spring boot spring引导安全性未按预期工作,spring-boot,spring-security,spring-boot-configuration,Spring Boot,Spring Security,Spring Boot Configuration,我有一个android客户端试图使用api rest服务 Spring安全配置: @Override protected void configure(HttpSecurity httpSecurity) throws Exception { httpSecurity.csrf().disable() .authorizeRequests().antMatchers("/authenticateAPI").pe
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.csrf().disable()
.authorizeRequests().antMatchers("/authenticateAPI").permitAll().
anyRequest().authenticated().and().
exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint)
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
从邮递员那里我得到了jwt:
但是。。。从Android客户端,当按下登录按钮时,我陷入了build()
public class ApiClient {
public static final String BASE_URL = "http://192.168.0.64:8080/";
private static Retrofit retrofit = null;
public static Retrofit getClient() {
if (retrofit == null) {
Gson gson = new GsonBuilder()
.setLenient()
.create();
retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create(gson))
.build(); // I GET AN ERROR HERE
}
return retrofit;
}
}
API日志显示,方法doFilterInternal中的JwtFilter类中的“JWT令牌不以承载关键字“开头”
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
final String requestTokenHeader = request.getHeader("Authorization");
String username = null;
String jwtToken = null;
if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
jwtToken = requestTokenHeader.substring(7);
try {
username = jwtTokenUtil.getUsernameFromToken(jwtToken);
} catch (IllegalArgumentException e) {
System.out.println("Unable to get JWT Token for this user");
} catch (ExpiredJwtException e) {
System.out.println("JWT Token has been expired"); **************HERE***************
}
} else {
logger.warn("JWT Token do not start with Bearer keyword");
}
因为requestTokenHeader为null,但当我进行身份验证时,我不需要令牌,系统会请求它
如果设置为“.authorizeRequests().antMatchers(“/authenticateAPI”).permitAll()”
我想问题出在spring安全设置中,但我看不出来,请帮我解决