Spring boot 发送有效令牌时出现Spring安全禁止错误
我创建了一个RESTAPI,当点击authenticate时,它会返回一个JWT令牌。我使用令牌访问受保护的rest端点,但仍然得到403禁止响应Spring boot 发送有效令牌时出现Spring安全禁止错误,spring-boot,spring-security,Spring Boot,Spring Security,我创建了一个RESTAPI,当点击authenticate时,它会返回一个JWT令牌。我使用令牌访问受保护的rest端点,但仍然得到403禁止响应 securityconfigure class @EnableWebSecurity public class SecurityConfigurer extends WebSecurityConfigurerAdapter{ @Autowired private MyUserDetailsService myUserDeta
securityconfigure class
@EnableWebSecurity
public class SecurityConfigurer extends WebSecurityConfigurerAdapter{
@Autowired
private MyUserDetailsService myUserDetailsService;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().cors().disable()
.authorizeRequests().antMatchers("/authenticate").permitAll()
.anyRequest().authenticated()
.and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception{
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
filter class
@Component
public class JwtRequestFilter extends OncePerRequestFilter{
@Autowired
private MyUserDetailsService userDetailsService;
@Autowired
private jwtUtil JwtUtil;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
final String authorizationHeader = request.getHeader("Authorization");
String username = null;
String jwt = null;
if(authorizationHeader != null && authorizationHeader.startsWith("Bearer "))
{
jwt = authorizationHeader.substring(7);
username = JwtUtil.extractUserName(jwt);
}
if(username != null && SecurityContextHolder.getContext().getAuthentication() != null) {
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
if(JwtUtil.validateToken(jwt,userDetails)) {
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(
userDetails,null,userDetails.getAuthorities());
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
}
filterChain.doFilter(request,response);
}
}
controller
@RestController
public class HelloResource {
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private MyUserDetailsService userDetailsService;
@Autowired
private jwtUtil jwtUtilToken;
@RequestMapping({"/hello"})
public String hello(){
return "hello world";
}
@RequestMapping(value = "/authenticate",method = RequestMethod.POST)
public ResponseEntity<?> craeteAuthenticationToken(@RequestBody AuthenticationRequest authenticationRequest)
throws Exception{
try {
authenticationManager.authenticate
(new UsernamePasswordAuthenticationToken(authenticationRequest.getUserName(),authenticationRequest.getPassword()));
}
catch(BadCredentialsException e) {
throw new Exception("Incorrect username or password");
}
final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUserName());
final String jwt = jwtUtilToken.generateToken(userDetails);
return ResponseEntity.ok(new AuthenticationResponse(jwt));
}
}
{
"timestamp": "2020-07-15T04:21:52.246+00:00",
"status": 403,
"error": "Forbidden",
"message": "",
"path": "/hello"
}