Spring boot application with config-server not working when using JWT authentication
I am new to using config server for getting external configuration from a GitHub repository. In the application.yml file of my Spring Boot application I have used the lines below, and it works fine when I comment out the JWT authentication part of my application: the Spring Boot application can fetch updated configurations from the GitHub repository.
    security:
      basic:
        enabled: false
    management:
      security:
        enabled: false
My question is: what if I don't include the above code in my yml file, will it work fine? Because when I remove the above lines, it throws a 401 Unauthorized error.
Second thing: my Spring Boot application is secured with JWT authentication. When I enable my JWT authentication with the yml file having the above piece of code, then even on providing a valid token it gives a 403 Forbidden error.
Someone please guide me on how to resolve this; I have been trying to resolve this for the last 1 week but no luck. Thanks in advance.
I believe you have <artifactId>spring-boot-starter-security</artifactId> as a dependency in your POM.xml, and therefore you will always get a 401 Unauthorized if you do not provide the default password (which you can see in the logs on service startup) and if you have removed that config from your bootstrap.yml.
If you are getting a 403 Forbidden, then it means that the user was able to log in with credentials (meaning authenticated successfully) but is not "authorized" to do the action being performed. Check the roles of the user (log them or debug).
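An added example, not part of the original question or answer: one way to do the "log the roles" step is a small diagnostic filter that records who Spring Security thinks the caller is whenever a request ends in 401 or 403. The class name `AuthDebugFilter`, the placeholder `YourJwtFilter`, and the use of `javax.servlet` (Spring Boot 1.x/2.x) are assumptions.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/**
 * Hypothetical diagnostic filter (class name is an assumption, not from the post).
 * Register it in the Spring Security filter chain directly after your own JWT
 * filter, e.g. http.addFilterAfter(new AuthDebugFilter(), YourJwtFilter.class),
 * so it sees whatever Authentication the token produced.
 */
public class AuthDebugFilter extends OncePerRequestFilter {

    private static final Logger log = LoggerFactory.getLogger(AuthDebugFilter.class);

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        // Read the context before continuing: it may be cleared on the way back.
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String user = (auth == null) ? "<no authentication>" : auth.getName();
        String authorities = (auth == null) ? "[]" : auth.getAuthorities().toString();
        try {
            chain.doFilter(request, response);
        } finally {
            int status = response.getStatus();
            if (status == HttpServletResponse.SC_UNAUTHORIZED
                    || status == HttpServletResponse.SC_FORBIDDEN) {
                // Log identity and roles only, never the raw token.
                // Note: hasRole("ADMIN") matches the authority "ROLE_ADMIN".
                log.warn("{} {} -> {} user={} authorities={}",
                        request.getMethod(), request.getRequestURI(),
                        status, user, authorities);
            }
        }
    }
}
```

Compare the logged authorities with what the access rule on the failing URL requires; a missing `ROLE_` prefix or an empty list points at how the token's claims are mapped to authorities.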