[英]Spring security : configure JWT with formLogin
I am trying to configure JWT filter with formLogin authentication.我正在尝试使用 formLogin 身份验证配置 JWT 过滤器。 (My server serve UI clients (thats why i need formLogin ) and i am exposing also Rest End Point (to be authenticated by JWT ). currently my JWT is working, but it seems that my Roles (anyRole) -- isnt working.
(我的服务器为UI客户端提供服务(这就是为什么我需要FormLogin),并且我也将Rest终点点(由Z1D1D1FADBD91FADBD9150349C135781140FFEESTENTING YERYEN -Z1DZ)YS19D711D.11D.11D.11D.11D.11。
here is my configure method: post login -> if I am trying to reach /kuku path - I get 302 and login page again.这是我的配置方法:登录后 -> 如果我试图到达 /kuku 路径 - 我得到 302 并再次登录页面。
if i am removing the addFilterBefore -> my roles is working fine.如果我要删除 addFilterBefore -> 我的角色工作正常。
protected void configure(HttpSecurity http) throws Exception {
http.
authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/").hasRole("ADMIN")
.antMatchers("/kuku/**").hasRole("ADMIN")
.anyRequest()
.authenticated()
.and()
.formLogin().defaultSuccessUrl("/inital.html", true)
;
http.addFilterBefore(new JwtFilter(), UsernamePasswordAuthenticationFilter.class);
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
String userName = "Admin"; // currently due to Vault IMPL - this input is hardcoded .
String password ="Admin"
auth.inMemoryAuthentication()
.withUser(userName).password(passwordEncoder().encode(password))
.roles("ADMIN");
}
Try adding csrf().disable() to your configure(http) method.尝试将csrf().disable()添加到您的configure(http)方法中。 This worked in my case where I have similar configuration as yours.
这适用于我的情况,我的配置与您的配置相似。 Although, I suggest searching for whether or not this is secure, because this disables built-in csrf protection.
虽然,我建议搜索这是否安全,因为这会禁用内置的 csrf 保护。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.