Spring Boot 不记名令牌认证给出 401
我是 Spring Boot 的新手,所以请帮助我。我已经让它工作到我能够生成一个Bearer Token未经身份验证的请求的地步。接下来,我想将此令牌与端点一起使用,以便对我的请求进行身份验证 - 这就是我遇到麻烦的地方。我总是收到 401,看起来我的配置有问题。这是我的代码
public class ApplicationUser {
private String username;
private String password;
private String role;
public ApplicationUser(String username, String password, String role) {
this.username = username;
this.password = password;
this.role = role;
}
public String getUsername() {
return username;
}
public String getPassword() {
return password;
}
public String getRole() {
return role;
}
}
JwtConfig 类:
@Component("jwtConfig")
public class JwtConfig {
@Value("${security.jwt.uri:/auth/**}")
private String Uri;
@Value("${security.jwt.header:Authorization}")
private String header;
@Value("${security.jwt.prefix:Bearer }")
private String prefix;
@Value("${security.jwt.expiration:#{24*60*60}}")
private int expiration;
@Value("${security.jwt.secret:JwtSecretKey}")
private String secret;
public String getUri() {
return Uri;
}
public String getHeader() {
return header;
}
public String getPrefix() {
return prefix;
}
public int getExpiration() {
return expiration;
}
public String getSecret() {
return secret;
}
}
LEATH3回答
-
烙印99
根据您的要求,在您对多个路径使用多个身份验证之前,您真的不需要多个 http 安全配置(例如,对于某些路径,您希望拥有 JWT,而对于某些路径,您希望拥有基本身份验证或 auth2)。所以删除SecurityCredentialsConfig并更新WebSecurity到下面,你会很好。@Configuration@EnableWebSecurity(debug = true) // Enable security config. This annotation denotes config for spring security.public class WebSecurity extends WebSecurityConfigurerAdapter { @Autowired private JwtConfig jwtConfig; @Autowired private UserDetailsServiceImpl userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { http .csrf().disable() // make sure we use stateless session; session won't be used to store user's state. .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() // authorization requests config .authorizeRequests() // allow all who are accessing "auth" service .antMatchers(HttpMethod.POST, jwtConfig.getUri()).permitAll() // must be an admin if trying to access admin area (authentication is also required here) .antMatchers("/v1/cooks/**").hasAuthority("ADMIN") //for other uris // .antMatchers(HttpMethod.GET, "/v1/**").hasRole("USER") // Any other request must be authenticated .anyRequest().authenticated() .and() // handle an authorized attempts .exceptionHandling().authenticationEntryPoint((req, rsp, e) -> rsp.sendError(HttpServletResponse.SC_UNAUTHORIZED)) .and() // Add a filter to validate the tokens with every request .addFilterAfter(new JwtTokenAuthenticationFilter(jwtConfig), UsernamePasswordAuthenticationFilter.class) .addFilter(new JwtUsernameAndPasswordAuthenticationFilter(authenticationManager(), jwtConfig)); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder()); } @Bean public BCryptPasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }} -
素胚勾勒不出你
尝试添加这个/**在网络安全类在线,.antMatchers("/v1/cooks/**" ).access("hasRole('ADMIN')")拜托,如果您能提供有关 Spring Boot 和安全依赖项的日志和版本,这对我们有很大帮助。 -
德玛西亚99
尝试从您的 CookAPI 中删除 spring-boot-starter-security 依赖项。正如我所见,zuul-server application.properties 中只添加了 auth-service。在cookAPI 属性文件中为cookAPI 提供一个端口和应用程序名称。将其添加到 zuul 属性文件中。 zuul 属性文件 我遵循了您提到的相同教程。
随时随地看视频慕课网APP
相关分类
Java