spring - 需要完全身份验证才能在 post request postman 中访问此资源
问题描述
我的邮递员输出:--
{
"timestamp": "2020-10-19T10:34:26.171Z",
"status": 401,
"error": "Unauthorized",
"message": "Full authentication is required to access this resource",
"path": "/website/api/users/login"
}
我的后端服务器:--
2020-10-19 16:04:26.168 WARN 8728 --- [io-8080-exec-14] c.website.website.jwt.JwtRequestFilter : JWT Token does not contain auth string
代码:
package com.website.website.security;
import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
import com.website.website.jwt.CustomAuthProvider;
import com.website.website.jwt.JwtRequestFilter;
import com.website.website.jwt.MyAuthenticationEntryPoint;
import org.bson.types.ObjectId;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import java.util.Date;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MyAuthenticationEntryPoint jwtAuthenticationEntryPoint;
@Autowired
private UserDetailsService jwtUserDetailsService;
@Autowired
private JwtRequestFilter jwtRequestFilter;
@Autowired
private CustomAuthProvider authProvider;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// configure AuthenticationManager so that it knows from where to load
// user for matching credentials
// Use BCryptPasswordEncoder
auth.userDetailsService(jwtUserDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Bean
public Jackson2ObjectMapperBuilder objectMapperBuilder() {
Jackson2ObjectMapperBuilder builder = new Jackson2ObjectMapperBuilder();
builder.serializerByType(ObjectId.class, new ToStringSerializer());
builder.serializerByType(Date.class, new JsonDateSerializer());
return builder;
}
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.cors();
// We don't need CSRF for this example
httpSecurity.csrf().disable()
.authorizeRequests().antMatchers( "/users/login","/users/addUser","/users/addCustomer", "/"
,"/v2/**","/swagger-ui.html","/webjars/**","/swagger-resources/**").permitAll().
// all other requests need to be authenticated
anyRequest().authenticated().and().
// make sure we use stateless session; session won't be used to
// store user's state.
exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// Add a filter to validate the tokens with every request
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/authenticate");
}
}
解决方案
在您的邮递员中,路径"/website/api/users/login"
不在授权路径中。变化"/users/login"
与"/website/api/users/login"
推荐阅读
- java - 如何在 Java 中执行 Scala 的 Seq++ 操作数
- ios - Alamofire objectmapper 的 Xcode 10 更新问题
- javascript - 如何在以下代码中添加 Get 或 POST 请求
- go - 参考内部结构
- image - 张量流中的分层图像分类
- python - powershell stderr 重定向每隔几个字符就换行
- rust - 无法在“FnMut”闭包中移出捕获的变量
- arrays - 如何在 C++ 中创建一个添加多个数组的函数
- php - 如何在控制器功能中使用表单输入来输入验证码以保护 CodeIgniter 中的表单提交(不是验证而是验证)
- java - 使用 Streams 的 JsonArray 循环