我使用 JWT 配置了 Spring Boot 和安全性,一段时间内一切都产生了奇迹。
这是我的 webSecurityConfig
httpSecurity
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
.antMatchers(HttpMethod.POST, "/user/cadastrar/**").permitAll()
.antMatchers(HttpMethod.POST, "/auth/**").permitAll()
.anyRequest().authenticated();
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
httpSecurity.headers().cacheControl();
第一条路线“/users/cadadstrar”工作正常。
问题是我的第二条路线“/auth”在主体上使用用户名和密码调用 /auth 它将落在我的 JwtAuthenticationTokenFilter 类中的此函数上
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
String authToken = request.getHeader(this.tokenHeader);
String username = jwtTokenUtil.getUsernameFromToken(authToken);
logger.info("checking authentication for user " + username);
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
if (jwtTokenUtil.validateToken(authToken, userDetails)) {
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
logger.info("authenticated user " + username + ", setting security context");
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
chain.doFilter(request, response);
}
然后它将转到我的 AuthenticationController 类并运行此函数
@RequestMapping(value = "${jwt.route.authentication.path}", method = RequestMethod.POST)
public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {
// Perform the security
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
authenticationRequest.getUsername(),
authenticationRequest.getPassword()
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
// Reload password post-security so we can generate token
final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
final String token = jwtTokenUtil.generateToken(userDetails, device);
// Return the token
return ResponseEntity.ok(new JwtAuthenticationResponse(token));
}
问题似乎是代码的这个特定部分:
// Perform the security
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
authenticationRequest.getUsername(),
authenticationRequest.getPassword()
)
);
当它尝试返回对象“UserNamePasswordAuthenticationToken”时,它只是在“chain.doFilter”调用之后将断点发送到函数“doFilterInternal”的末尾,专门发送到括号。
问题已经解决了!显然,连续 16 小时编码会影响您的思维方式!
上面的代码没有任何问题,出于某种原因,我将新创建的用户设置为默认禁用!
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句