[英]Unauthorized error: Full authentication is required to access this resource
How can I solve JWT error in my spring code?如何解决 Spring 代码中的 JWT 错误?
ERROR security.jwt.AuthEntryPointJwt - Unauthorized error: Full authentication is required to acccess this resource ERROR security.jwt.AuthTokenFilter - Cannot set user authentication {}错误 security.jwt.AuthEntryPointJwt - 未经授权的错误:访问此资源需要完全身份验证 错误 security.jwt.AuthTokenFilter - 无法设置用户身份验证 {}
There is some error in my WebSecurityConfig.java file showing WebSecurityConfigurerAdapter is deprecated due which my authenticationManagerBean() is also deprecated.我的 WebSecurityConfig.java 文件中有一些错误显示 WebSecurityConfigurerAdapter 已弃用,因为我的 authenticationManagerBean() 也已弃用。
Authcontroler.java Class Authcontroler.java 类
@CrossOrigin("*")
@RestController
@RequestMapping("/api/auth")
public class AuthController {
@Autowired
private UserRepo userRepo;
@Autowired
private RoleRepo roleRepo;
@Autowired
private PasswordEncoder passwordEncoder;
@Autowired
private JwtUtils jwtUtils;
@Autowired
private AuthenticationManager authenticationManager;
@Autowired
private EmailService emailService;
// POST request for adding user
@PostMapping("/register")
public ResponseEntity<?> registerUser(@Valid @RequestBody SignupRequest signupRequest) {
if (userRepo.existsByEmail(signupRequest.getEmail())) {
return ResponseEntity
.badRequest()
.body(new MessageResponse("Error: Email is already in use!"));
}
User user = new User(signupRequest.getEmail(),
signupRequest.getName(),
passwordEncoder.encode(signupRequest.getPassword()),
signupRequest.getAddress());
//signupRequest.setRole(new ArraySet<>(Set.of("ROLE_USER","")));
signupRequest.setRole("ROLE_ADMIN");
String strRoles = signupRequest.getRole();
Set<Role> roles = new HashSet<>();
if (strRoles==null) {
Role userRole = roleRepo.findByRoleName("ROLE_ADMIN")
.orElseThrow(()-> new RuntimeException("Error: role not found"));
roles.add(userRole);
}
else {
// strRoles.forEach(e->{
// switch (e) {
// case "admin":
// Role roleAdmin = roleRepo.findByRoleName("ROLE_ADMIN")
// .orElseThrow(()-> new RuntimeException("Error: role not found"));
// roles.add(roleAdmin);
// break;
//
// default:
// Role roleUser = roleRepo.findByRoleName("ROLE_USER")
// .orElseThrow(()-> new RuntimeException("Error: role not found"));
// roles.add(roleUser);
// break;
}
user.setRoles(roles);
userRepo.save(user);
emailService.sendTextEmail(user.getEmail());
return ResponseEntity
.status(201)
.body(new MessageResponse("User created successfully"));
}
// POST request for validating user
@PostMapping("/authenticate")
public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
Authentication authentication = authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getEmail(),
loginRequest.getPassword()));
SecurityContextHolder.getContext().setAuthentication(authentication);
String jwt = jwtUtils.generateToken(authentication);
UserDetailsImpl userDetailsImpl = (UserDetailsImpl) authentication.getPrincipal();
List<String> roles = userDetailsImpl.getAuthorities()
.stream()
.map(i->i.getAuthority())
.collect(Collectors.toList());
return ResponseEntity.ok(new JwtResponse(jwt,
userDetailsImpl.getId(),
userDetailsImpl.getEmail(),
roles));
}
@GetMapping("/")
public ResponseEntity<?> getUser() {
UserDetailsImpl userDetailsImpl = (UserDetailsImpl) SecurityContextHolder.getContext().getAuthentication()
.getPrincipal();
Long id = userDetailsImpl.getId();
Optional<User> optional = userRepo.findById(id);
return ResponseEntity.ok(optional.get());
}
}
AuthEntryPointJwt.java Class AuthEntryPointJwt.java 类
@Component
public class AuthEntryPointJwt implements AuthenticationEntryPoint {
private static final Logger logger = LoggerFactory.getLogger(AuthEntryPointJwt.class);
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
logger.error("Unauthorized error: {}", authException.getMessage());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final Map<String, Object> body = new HashMap<>();
body.put("status", HttpServletResponse.SC_UNAUTHORIZED);
body.put("error", "Unauthorized");
body.put("message", authException.getMessage());
body.put("path", request.getServletPath());
final ObjectMapper mapper = new ObjectMapper();
mapper.writeValue(response.getOutputStream(), body);
}
}
WebSecurityConfig.java WebSecurityConfig.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsServiceImpl userDetailsService;
@Autowired
private AuthEntryPointJwt unauthorizedHandeler;
@Bean
public AuthTokenFilter authenticationJwtTokenFilter() {
return new AuthTokenFilter();
}
@Override
protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
// TODO Auto-generated method stub
authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
// TODO Auto-generated method stub
return super.authenticationManagerBean();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// TODO Auto-generated method stub
http.cors().and()
.csrf()
.disable()
.exceptionHandling()
.authenticationEntryPoint(unauthorizedHandeler)
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeHttpRequests().antMatchers("/api/auth/**").permitAll()
.antMatchers("/api/food/**").permitAll()
.antMatchers("/api/cart/**").permitAll()
.antMatchers("/api/order/**").permitAll()
.antMatchers("/api/payment/**").permitAll()
.antMatchers("/h2-console/**").permitAll()
.antMatchers("/api/users/**")
.permitAll().anyRequest().authenticated();
http.headers().frameOptions().disable();
http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
// super.configure(http);
}
}
AuthTokenFilter.java Class AuthTokenFilter.java 类
public class AuthTokenFilter extends OncePerRequestFilter {
@Autowired
private JwtUtils jwtUtils;
@Autowired
private UserDetailsServiceImpl userDetailsServiceImpl;
private static final Logger LOGGER = LoggerFactory.getLogger(AuthTokenFilter.class);
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
// TODO Auto-generated method stub
try {
String jwt = parseJwt(request);
if (jwt!=null && jwtUtils.validateJwtToken(jwt)) {
String username = jwtUtils.getUsernameFromJwtToken(jwt);
UserDetails userDetails = userDetailsServiceImpl.loadUserByUsername(username);
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
} catch (Exception e) {
// TODO Auto-generated catch block
LOGGER.error("Cannot set user authentication {}", e);
}
filterChain.doFilter(request, response);
}
private String parseJwt(HttpServletRequest request) {
String headerAuth = request.getHeader("Authorization");
if (StringUtils.hasText(headerAuth) && headerAuth.startsWith("Bearer ")) {
return headerAuth.substring(7, headerAuth.length());
}
return null;
}
}
Thankyou谢谢
You need a configuration file that allows users to talk to a login endpoint .您需要一个允许用户与登录端点对话的配置文件。 Within this endpoint you may authenticate a user to get past the authentication barrier.
在此端点中,您可以对用户进行身份验证以通过身份验证障碍。
Example configuration within spring boot security: Spring Boot 安全性中的示例配置:
@Configuration
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/register").permitAll() // <- allow requests to this reqister endpoint
.anyRequest().authenticated(); // <- all other requests needs full authentication;
http.addFilterAfter(
new AuthTokenFilter(), BasicAuthenticationFilter.class); // <- add your JWT authentication filter into the chain
}
}
Another important step is to integrate your Filter
into the filter chain of incomming requests.另一个重要步骤是将您的
Filter
集成到传入请求的过滤器链中。
You may have a look at this example: Spring Security / Getting Started .你可以看看这个例子: Spring Security / Getting Started 。 Another good resource is always Baeldung Config / Baeldung Filter
另一个好的资源总是Baeldung Config / Baeldung Filter
Within this configuration you can also integrate your AuthEntryPointJwt
.在此配置中,您还可以集成您的
AuthEntryPointJwt
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.