Question

我一直在遵循this教程来在Spring中获得JWT身份验证，但是由于某些原因，过滤器对我不起作用。我已经从Github下载了该教程项目，并且可以运行，但是我的却没有，我也不知道为什么...

我将在下面发布一些代码（不要介意Kotlin + Java的混合，我试图在Java中实现安全性配置，认为可能是个问题）

Initializer.kt

class Initializer : WebApplicationInitializer {
@Throws(ServletException::class)
override fun onStartup(container: ServletContext) {
    val context = AnnotationConfigWebApplicationContext()
    context.scan("com.newyorkcrew.server.config")
    context.scan("com.newyorkcrew.server.domain")

    val dispatcher = container.addServlet("dispatcher", DispatcherServlet(context))
    dispatcher.setLoadOnStartup(1)
    dispatcher.addMapping("/api/*")
}
}

WebConfig.kt

@Bean
fun propertySourcesPlaceholderConfigurer(): PropertySourcesPlaceholderConfigurer {
return PropertySourcesPlaceholderConfigurer()
 }

@Configuration
@Import(JPAConfig::class)
@EnableWebMvc
@ComponentScan("com.newyorkcrew.server")
@PropertySources(PropertySource(value = ["classpath:local/db.properties",     "classpath:local/security.properties"]))
open class WebConfig {

@Bean
open fun corsConfigurer(): WebMvcConfigurer {
    return object : WebMvcConfigurer {
        override fun addCorsMappings(registry: CorsRegistry?) {
            registry!!.addMapping("/**")
                    .allowedOrigins("http://localhost:4200", "http://localhost:8080", "http://localhost:8081")
                    .allowedMethods("GET", "PUT", "POST", "DELETE")
        }
    }
}
}

WebSecurity.java

    @Configuration
@EnableWebSecurity
@ComponentScan("com.newyorkcrew.server.config")
public class WebSecurity extends WebSecurityConfigurerAdapter {
    public static String SECRET;

    @Value("{security.secret}")
    private void setSECRET(String value) {
        SECRET = value;
    }

    @Value("{security.expiration}")
    public static long EXPIRATION_TIME;

    @Value("{security.header}")
    public static String HEADER;

    @Value("{security.prefix}")
    public static String PREFIX;

    public static String SIGN_UP_URL;

    @Value("${security.signupurl}")
    private void setSignUpUrl(String value) {
        SIGN_UP_URL = value;
    }

    @Autowired
    private UserDetailsService userDetailsService;

    public WebSecurity(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable().authorizeRequests()
                .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(authenticationManager()));
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", new CorsConfiguration().applyPermitDefaultValues());
        return source;
    }

}

我还实现了UserDetailService，JWTAuthenticationFilter和JWTAuthorizationFilter，但是只要它们没有被点击，我认为它们并没有太大关系。

我已经使用配置了一段时间，并且它们可以正常工作，但是当添加SecurityConfig时，它已经初始化，但是过滤器由于某些原因无法正常工作。

如果需要更多代码，我会发布。

编辑：根据要求，实现JWTAuthenticationFilter。

open class JWTAuthenticationFilter(private val authManager: AuthenticationManager) : UsernamePasswordAuthenticationFilter() {
    override fun attemptAuthentication(request: HttpServletRequest?, response: HttpServletResponse?): Authentication {
        try {
            // Build the user DTO from the request
            val userDTO = Gson().fromJson(convertInputStreamToString(request?.inputStream), UserDTO::class.java)

            // Build the user from the DTO
            val user = UserConverter().convertDtoToModel(userDTO)

            // Try to authenticate
            return authManager.authenticate(UsernamePasswordAuthenticationToken(user.email, user.password, ArrayList()))
        } catch (e: Exception) {
            throw RuntimeException(e)
        }
    }

    override fun successfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?,
                                          chain: FilterChain?, authResult: Authentication?) {
        val token = Jwts.builder()
                .setSubject(authResult?.principal.toString())
                .setExpiration(Date(System.currentTimeMillis() + EXPIRATION_TIME))
                .signWith(SignatureAlgorithm.HS512, SECRET.toByteArray())
                .compact()
        response?.addHeader(HEADER, "$PREFIX $token")
    }
}

感谢您的帮助。

Answer 1

对我有用的解决方案是放弃Kotlin。使用相同的配置启动了一个新的Spring项目，该项目很简单。我很想在Kt进行这个项目时感到非常难过，但也许我做错了什么。

弹簧过滤器没有被调用

}

1 个答案: