Spring Security with JWT

I am trying to develop a Spring Security project with JWT. I want to access the login API without Spring Security (without a JWT token). But with the configuration below, every time (for the login API as well) it checks for a JWT token, giving me a 403 error.

Below is my WebSecurityConfig.

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private JwtAuthFilter jwtAuthFilter;

@Autowired
private TokenAuthenticationService jwtAuthenticationProvider;

@Override
public void configure(AuthenticationManagerBuilder auth)  throws Exception {
    auth.authenticationProvider(jwtAuthenticationProvider);
}



@Override
protected void configure(HttpSecurity http) throws Exception {

    http.csrf().ignoringAntMatchers("/api/v1/login");
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/api/v1/login")
            .permitAll()
            .and()
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
}

}

Thanks in advance

For login path configuration something like this can be used:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin()
            .usernameParameter("username") // default is username
            .passwordParameter("password") // default is password
            .loginPage("/authentication/login") // default is /login with an HTTP get
            .failureUrl("/authentication/login?failed") // default is /login?error
            .loginProcessingUrl("/authentication/login/process"); // default is /login with an HTTP post
}

If some paths need to be ignored, configure(WebSecurity web) can be overridden:

@Override
public void configure(WebSecurity web) throws Exception {
  web.ignoring().antMatchers("/api/v1/somepath").antMatchers("/static/**");
}

There is a filter class named JwtAuthFilter that is being executed before every service you call.

.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class) 

This code causes the filter to be executed before every request, but that's okay. You have to look at this filter class: there must be some check so that, if the token doesn't exist, the filter class returns and the request goes directly to the login service. If you can show that filter class, I will help you.
