Comments (4)
zhangwei900808
commented on June 30, 2024
WebSecurityConfig.java
package com.awbeci.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private JwtAuthenticationEntryPoint unauthorizedHandler;
// Spring会自动寻找同样类型的具体类注入,这里就是JwtUserDetailsService了
@Autowired
private UserDetailsService userDetailsService;
@Bean
public JwtAuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
return new JwtAuthenticationTokenFilter();
}
// 装载BCrypt密码编码器
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
public void configureAuthentication(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
authenticationManagerBuilder
// 设置UserDetailsService
.userDetailsService(this.userDetailsService)
// 使用BCrypt进行密码的hash
.passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// 由于使用的是JWT,我们这里不需要csrf
.csrf().disable()
.exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
// 基于token,所以不需要session
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.authorizeRequests()
//.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
// 允许对于网站静态资源的无授权访问
.antMatchers(
HttpMethod.GET,
"/",
"/*.html",
"/favicon.ico",
"/**/*.html",
"/**/*.css",
"/**/*.js"
).permitAll()
// 对于获取token的rest api要允许匿名访问
.antMatchers("/auth/**").permitAll()
// 除上面外的所有请求全部需要鉴权认证
.anyRequest().authenticated();
// 添加JWT filter
httpSecurity
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
// 禁用缓存
httpSecurity.headers().cacheControl();
}
}
from spring-boot-tut.
wpcfan
commented on June 30, 2024
汗,这不是正常的吗,注册如果也需要鉴权那还怎么注册啊,注册本身就是不含鉴权头的
在 2017年11月27日,下午7:25,zhang wei <[email protected]<mailto:[email protected]>> 写道:
@OverRide
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
String authHeader = request.getHeader(this.tokenHeader);
if (authHeader != null && authHeader.startsWith(tokenHead)) {
根据我的idea断点,执行到authHeader我监听是null,If判断就直接完了,无任何操作,这个如何解决啊
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fwpcfan%2Fspring-boot-tut%2Fissues%2F8&data=02%7C01%7Cpeng.wang%40outlook.com%7Ca6b45c5f47554fc785c208d5358990c3%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636473787308559446&sdata=eT9N1x%2FvyWu1RRGbnf47Vi3jjIgqBwWxjRhqUCUy%2Fjo%3D&reserved=0>, or mute the thread<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAAFNjH5WgH73GB4RNaRi-I0j_w1ilFFMks5s6pwogaJpZM4QrfVw&data=02%7C01%7Cpeng.wang%40outlook.com%7Ca6b45c5f47554fc785c208d5358990c3%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636473787308559446&sdata=WSX83RqBpuCiXJkpXGFw5TLdHWDXCARz0%2FwCF4ic%2BCc%3D&reserved=0>.
from spring-boot-tut.
zhangwei900808
commented on June 30, 2024
@wpcfan 大神已经解决了,是我少加了
filterChain.doFilter(request, response);
不好意思哦
from spring-boot-tut.
zhangwei900808
commented on June 30, 2024
@wpcfan 新的问题是我根据username和pasword访问的时候报401:
@PostMapping("/auth")
public ResponseEntity<?> createAuthenticationToken(
@RequestBody JwtAuthenticationRequest authenticationRequest) throws AuthenticationException{
final String token = authService.login(authenticationRequest.getUsername(),
authenticationRequest.getPassword());
// Return the token
return ResponseEntity.ok(new JwtAuthenticationResponse(token));
}
@Override
public String login(String username, String password) {
UsernamePasswordAuthenticationToken upToken = new UsernamePasswordAuthenticationToken(username,password);
final Authentication authentication = authenticationManager.authenticate(upToken);
SecurityContextHolder.getContext().setAuthentication(authentication);
final UserDetails userDetails = userDetailsService.loadUserByUsername(username);
return jwtTokenUtil.generateToken(userDetails);
}
{
"timestamp": 1511785733643,
"status": 401,
"error": "Unauthorized",
"exception": "org.springframework.security.authentication.InternalAuthenticationServiceException",
"message": "Unauthorized",
"path": "/auth"
}
from spring-boot-tut.
Related Issues (12)
- 能不能添一段rxJava的内容啊谢谢
- 对数据库进行两次查询?
- chap04 启动mongodb报错 HOT 1
- 求大大能补充一下自定义角色权限部分的实现 HOT 1
- 这个代码貌似是不完全的?
- chapter04 启动不了 HOT 1
- _
- 请问这个SpEL中的returnObject是什么呀 HOT 1
- 这段代码可能会有问题
- DatatypeConverter used by jjwt is not found HOT 1
- /auth访问报401 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-boot-tut.