要求Jwt Parser

时间:2019-01-29 20:01:57

标签: java spring-boot jackson jwt

我对索赔有疑问,我想生成一个具有用户权限的令牌,以拦截所有路由并在未经授权的情况下进行阻止。

我使用Jwt蛤进行身份验证。

我的验证人

  public User validate(String token) {
    User user = null;

    try {
        Claims body = Jwts.parser()
                .setSigningKey(JwtGenerator.getSecret())
                .parseClaimsJws(token)
                .getBody();

        user = new User();
        user.setUsername(body.getSubject());
        user.setId(Integer.parseInt((String) body.get("userID")));
        user.setPermissions((ArrayList<Permission>) body.get("permission"));}

我的生成器

public String generate(User user) {

    Claims claims = Jwts.claims()
            .setSubject(user.getUsername());
    claims.put("userID", String.valueOf(user.getId()));
    claims.put("changePassword", user.isChangePass());
    claims.put("permission", user.getPermissions()); //List<Permission> 
    return Jwts.builder()
            .setClaims(claims).signWith(SignatureAlgorithm.HS512, SECRET).compact();
}

重复

user.getPermissions().forEach(permission -> System.out.println(permission.getRoute()));

错误

java.lang.ClassCastException: class java.util.LinkedHashMap cannot be cast to class com.bestgame.model.Permission (java.util.LinkedHashMap is in module java.base of loader 'bootstrap'; com.bestgame.model.Permission is in unnamed module of loader org.springframework.boot.devtools.restart.classloader.RestartClassLoader @6b8da817)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)
at com.bestgame.security.AuthorizationUser.checkPermissions(AuthorizationUser.java:22)
at com.bestgame.security.BgsAuthenticationTokenFilter.successfulAuthentication(BgsAuthenticationTokenFilter.java:41)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at 

0 个答案:

没有答案