java JwtDecoder不再存在于springsecurity6中

dauxcl2d  于 2023-08-01  发布在  Java
关注(0)|答案(2)|浏览(154)

我在升级到spring security core 6. 1时遇到了麻烦,我的过滤器链缺少jwt的解码器。问题是jwt.decoder()函数接受的唯一类JwtDecoder不再是受支持的类。
现在,我将其更改为如下所示:

  1. @Bean
  2.   public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
  3.     http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
  4.             .oauth2ResourceServer(oauth->oauth.jwt(jwt->jwt.decoder()));
  5.     return http.build();
  6.   }

字符串
在从spring security oauth2切换到spring security 6之前,它看起来像下面的块

  1. @Configuration
  2. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  4.   @Override
  5.   protected void configure(HttpSecurity http) throws Exception {
  6.     http.csrf().disable().authorizeRequests().anyRequest().permitAll();
  7.   }


我不相信我应该需要资源服务器在所有,但没有它,我收到一个“principalName不能为空错误”
需要帮助让新的像旧的那样工作。我愿意接受所有的请求。

Java

2条答案

按热度按时间
5anewei6

5anewei61#

JwtDecoder仍然受支持,您可以在这里找到它:https://mvnrepository.com/artifact/org.springframework.security/spring-security-oauth2-jose
如果你正在使用Maven,你可以将它添加到你的项目中:

  1. <dependency>
  2.             <groupId>org.springframework.security</groupId>
  3.             <artifactId>spring-security-oauth2-jose</artifactId>
  4.             <version>6.1.0</version>
  5.         </dependency>

字符串
对于Gradle:

  1. implementation 'org.springframework.security:spring-security-oauth2-jose:6.1.0'

赞(0)分享  回复(0)举报  2023-08-01
h79rfbju

h79rfbju2#

这在基本情况下应该足够了

  1. @EnableWebSecurity
  2. @EnableMethodSecurity
  3. @Configuration
  4. public class WebSecurityConfig {
  6.     @Bean
  7.     SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
  8.         http.oauth2ResourceServer(oauth2 -> oauth2.jwt((jwt) -> {}));
  10.         // State-less session (state in access-token only)
  11.         http.sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
  13.         // Disable CSRF because of state-less session-management
  14.         http.csrf(csrf -> csrf.disable());
  16.         // Return 401 (unauthorized) instead of 302 (redirect to login) when
  17.         // authorization is missing or invalid
  18.         http.exceptionHandling(eh -> eh.authenticationEntryPoint((request, response, authException) -> {
  19.             response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"Restricted Content\"");
  20.             response.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
  21.         }));
  23.         http.authorizeHttpRequests(requests -> requests
  24.             .requestMatchers(new AntPathRequestMatcher("/public/**")).permitAll()
  25.             .anyRequest().authenticated());
  27.         return http.build();
  28.     }
  29. }

字符串
更多细节,从这里开始。

展开查看全部
赞(0)分享  回复(0)举报  2023-08-01
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com