我正在尝试编写一个简单的Unity脚本,该脚本将使用JWT对我的服务器进行身份验证。不幸的是,我不能为JWT使用.NET插件,因为它需要比Unity使用的更新版本的.NET(Mono的东西)。所以我自己试着写。我可以设法执行登录,但我似乎无法确定如何使用idToken。这就是我所拥有的:
using System.Collections;
using System.Collections.Generic;
using JetBrains.Annotations;
using UnityEngine;
public class JsonLoaderTest : MonoBehaviour
{
public static string BASE_HTTP_URL = "http://localhost:8080/";
public static string BASE_HTTPS_URL = "https://localhost:8080/";
private string _idToken = "";
// Use this for initialization
[UsedImplicitly]
IEnumerator Start () {
yield return StartCoroutine(GetBeers());
yield return StartCoroutine(Login());
yield return StartCoroutine(GetBeers());
}
private IEnumerator GetBeers()
{
Dictionary<string, string> headers = new Dictionary<string, string>();
headers.Add("Authorization", "Bearer " + _idToken);
WWW www = new WWW(BASE_HTTP_URL + "api/beers", null, headers);
while (!www.isDone) yield return null;
Debug.Log(www.text);
}
public class LoginPackage
{
public string username;
public string password;
public bool rememberMe;
}
public class IdTokenPackage
{
public string idToken;
}
private IEnumerator Login()
{
LoginPackage loginPackage = new LoginPackage();
loginPackage.username = "admin";
loginPackage.password = "admin";
loginPackage.rememberMe = true;
Dictionary<string, string> postHeaders = new Dictionary<string, string>();
postHeaders.Add("Content-Type", "application/json");
string json = JsonUtility.ToJson(loginPackage);
byte[] postData = System.Text.Encoding.UTF8.GetBytes(json);
WWW www = new WWW(BASE_HTTP_URL + "api/authenticate", postData, postHeaders);
while (!www.isDone) yield return null;
Debug.Log(www.text);
_idToken = JsonUtility.FromJson<IdTokenPackage>(www.text).idToken;
}
}
正如您所期望的第一个&#34; GetBeers&#34;请求因401而失败,因为我还没有ID令牌。登录工作并返回一个idToken,但当我尝试制作第二个&#34; GetBeers&#34;请求,现在使用非空ID,它仍然无法使用401.这是服务器上的日志:
2017-09-25 21:32:39.904 DEBUG 9968 --- [ XNIO-2 task-16] c.s.beerapp.aop.logging.LoggingAspect : Enter: org.springframework.boot.actuate.audit.AuditEventRepository.add() with argument[s] = [AuditEvent [timestamp=Mon Sep 25 21:32:39 CEST 2017, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]]
2017-09-25 21:32:39.907 DEBUG 9968 --- [ XNIO-2 task-16] c.s.beerapp.aop.logging.LoggingAspect : Exit: org.springframework.boot.actuate.audit.AuditEventRepository.add() with result = null
2017-09-25 21:32:39.909 DEBUG 9968 --- [ XNIO-2 task-16] i.g.j.s.Http401UnauthorizedEntryPoint : Pre-authenticated entry point called. Rejecting access
2017-09-25 21:32:40.145 DEBUG 9968 --- [ XNIO-2 task-25] c.s.beerapp.aop.logging.LoggingAspect : Enter: com.svendhhh.beerapp.web.rest.UserJWTController.authorize() with argument[s] = [LoginVM{username='admin', rememberMe=true}, com.codahale.metrics.servlet.AbstractInstrumentedFilter$StatusExposingServletResponse@7f7712]
2017-09-25 21:32:40.146 DEBUG 9968 --- [ XNIO-2 task-25] c.s.b.security.DomainUserDetailsService : Authenticating admin
Hibernate: select user0_.id as id1_7_0_, authority2_.name as name1_4_1_, user0_.created_by as created_2_7_0_, user0_.created_date as created_3_7_0_, user0_.last_modified_by as last_mod4_7_0_, user0_.last_modified_date as last_mod5_7_0_, user0_.activated as activate6_7_0_, user0_.activation_key as activati7_7_0_, user0_.email as email8_7_0_, user0_.first_name as first_na9_7_0_, user0_.image_url as image_u10_7_0_, user0_.lang_key as lang_ke11_7_0_, user0_.last_name as last_na12_7_0_, user0_.login as login13_7_0_, user0_.password_hash as passwor14_7_0_, user0_.reset_date as reset_d15_7_0_, user0_.reset_key as reset_k16_7_0_, authoritie1_.user_id as user_id1_8_0__, authoritie1_.authority_name as authorit2_8_0__ from jhi_user user0_ left outer join jhi_user_authority authoritie1_ on user0_.id=authoritie1_.user_id left outer join jhi_authority authority2_ on authoritie1_.authority_name=authority2_.name where user0_.login=?
2017-09-25 21:32:40.237 DEBUG 9968 --- [ XNIO-2 task-25] c.s.beerapp.aop.logging.LoggingAspect : Enter: org.springframework.boot.actuate.audit.AuditEventRepository.add() with argument[s] = [AuditEvent [timestamp=Mon Sep 25 21:32:40 CEST 2017, principal=admin, type=AUTHENTICATION_SUCCESS, data={}]]
Hibernate: insert into jhi_persistent_audit_event (event_id, event_date, event_type, principal) values (null, ?, ?, ?)
2017-09-25 21:32:40.240 DEBUG 9968 --- [ XNIO-2 task-25] c.s.beerapp.aop.logging.LoggingAspect : Exit: org.springframework.boot.actuate.audit.AuditEventRepository.add() with result = null
2017-09-25 21:32:40.242 DEBUG 9968 --- [ XNIO-2 task-25] c.s.beerapp.aop.logging.LoggingAspect : Exit: com.svendhhh.beerapp.web.rest.UserJWTController.authorize() with result = <200 OK,com.svendhhh.beerapp.web.rest.UserJWTController$JWTToken@566d9495,{}>
2017-09-25 21:32:40.257 DEBUG 9968 --- [ XNIO-2 task-24] c.s.beerapp.aop.logging.LoggingAspect : Enter: org.springframework.boot.actuate.audit.AuditEventRepository.add() with argument[s] = [AuditEvent [timestamp=Mon Sep 25 21:32:40 CEST 2017, principal=anonymousUser, type=AUTHORIZATION_FAILURE, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null, type=org.springframework.security.access.AccessDeniedException, message=Access is denied}]]
2017-09-25 21:32:40.258 DEBUG 9968 --- [ XNIO-2 task-24] c.s.beerapp.aop.logging.LoggingAspect : Exit: org.springframework.boot.actuate.audit.AuditEventRepository.add() with result = null
2017-09-25 21:32:40.260 DEBUG 9968 --- [ XNIO-2 task-24] i.g.j.s.Http401UnauthorizedEntryPoint : Pre-authenticated entry point called. Rejecting access
谁能说出我做错了什么?我是否以错误的方式/格式包含身份验证标头?
答案 0 :(得分:2)
原来问题是我的IdTokenPackage类中变量的名称。我已经将json中的值读作id-token,并假设它将被序列化为idToken(因为你不能在c#变量名中使用破折号)。但是,json中的实际名称是id_token,我必须相应地更改C#类中的名称:
public class IdTokenPackage
{
public string id_token;
}
这确实意味着我的问题与JWT并不完全相同,但至少可能有人可以在Unity自己实施JWT身份验证时找到该脚本。