我正在嘗試學習彈簧安全性,但卡在了過濾器上。我知道 oncePerRequestFilter 適用于每個請求,我計劃在此過濾器中檢查 JWT 令牌。但是,如果用戶是新用戶并試圖到達 /auth/login 端點,那么我需要說這個過濾器允許,然后執行我的 /auth/login 方法。但我找不到運行該方法的方法。
這是我的 OncePerRequestFilter
public class JwtAuthenticationFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
System.out.println("JwtAuthenticationFilter.doFilterInternal is working");
if(request.getServletPath().equals("/auth/login")) {
System.out.println("if there is a request to /auth/login just continue");
filterChain.doFilter(request, response);
}
// else continue to check JWT token
}
}
我的終點
@AllArgsConstructor
@RestController("/auth")
public class LoginController {
private final AuthenticationManager authenticationManager;
@PostMapping("/login")
public LoginTokenResponse login(@RequestBody LoginRequest loginRequest) {
System.out.println("login method is working");
if(loginRequest == null) {
throw new IllegalArgumentException("No credentials provided");
}
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword());
Authentication authentication = authenticationManager.authenticate(usernamePasswordAuthenticationToken);
// do other things and return LoginResponseToken
return null;
}
@GetMapping("/ping")
public String ping() {
System.out.println("pong is working");
return "pong";
}
}
和 WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {
private final PasswordCheckUserDetailService passwordCheckUserDetailService;
@Override
protected void configure(AuthenticationManagerBuilder builder) throws Exception {
builder.userDetailsService(passwordCheckUserDetailService)
.passwordEncoder(UserPasswordEncoder.getUserPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.cors().disable();
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.authorizeRequests().antMatchers(HttpMethod.POST, "/auth/login/**").permitAll();
http.authorizeRequests().anyRequest().authenticated();
JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter();
http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
}
@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
當我向 /auth/login 發出發布請求時,我得到以下回應,并且登錄方法根本不起作用。(不列印)
{
"timestamp": "2022-03-12T00:59:38.932 00:00",
"status": 404,
"error": "Not Found",
"message": "No message available",
"path": "/auth/login"
}
如果您想檢查其他部分:https ://github.com/xsenko/JWTAuthentication/tree/develop/src/main/java/com/senko/JWTAuthentication
uj5u.com熱心網友回復:
@RestController("/auth")- 它用于邏輯組件名稱,而不用于請求映射。
你應該使用@RequestMapping("/auth")
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/441678.html