我对索赔有疑问,我想生成一个具有用户权限的令牌,以拦截所有路由并在未经授权的情况下进行阻止。
我使用Jwt蛤进行身份验证。
我的验证人
public User validate(String token) {
User user = null;
try {
Claims body = Jwts.parser()
.setSigningKey(JwtGenerator.getSecret())
.parseClaimsJws(token)
.getBody();
user = new User();
user.setUsername(body.getSubject());
user.setId(Integer.parseInt((String) body.get("userID")));
user.setPermissions((ArrayList<Permission>) body.get("permission"));}
我的生成器
public String generate(User user) {
Claims claims = Jwts.claims()
.setSubject(user.getUsername());
claims.put("userID", String.valueOf(user.getId()));
claims.put("changePassword", user.isChangePass());
claims.put("permission", user.getPermissions()); //List<Permission>
return Jwts.builder()
.setClaims(claims).signWith(SignatureAlgorithm.HS512, SECRET).compact();
}
重复
user.getPermissions().forEach(permission -> System.out.println(permission.getRoute()));
错误
java.lang.ClassCastException: class java.util.LinkedHashMap cannot be cast to class com.bestgame.model.Permission (java.util.LinkedHashMap is in module java.base of loader 'bootstrap'; com.bestgame.model.Permission is in unnamed module of loader org.springframework.boot.devtools.restart.classloader.RestartClassLoader @6b8da817)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)
at com.bestgame.security.AuthorizationUser.checkPermissions(AuthorizationUser.java:22)
at com.bestgame.security.BgsAuthenticationTokenFilter.successfulAuthentication(BgsAuthenticationTokenFilter.java:41)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:240)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at