Spring application always responds with status 200

oxiaedzo  posted on 2024-01-05  in  Spring
Follow (0) | Answers (1) | Views (149)

I'm currently developing a Spring Boot backend application that supports JWT authentication with Spring Security.
My problem started after I implemented the classes required to get JWT authentication; that's where things went wrong.
Below are the classes I added. The first snippet is the configuration class:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.http.SessionCreationPolicy;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    import org.springframework.security.crypto.password.PasswordEncoder;
    import org.springframework.security.web.SecurityFilterChain;
    import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

    @Configuration
    @EnableWebSecurity
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class WebSecurityConfig {

        @Autowired
        private UserDetailsServiceImpl userDetailsService;

        @Autowired
        private AuthEntryPointJWT authEntryPointJWT; // returns 401 for unauthenticated requests

        @Bean
        public AuthTokenFilter authentificationJwtTokenFilter() {
            return new AuthTokenFilter();
        }

        @Bean
        public DaoAuthenticationProvider authenticationProvider() {
            DaoAuthenticationProvider authProvider = new DaoAuthenticationProvider();
            authProvider.setUserDetailsService(userDetailsService);
            authProvider.setPasswordEncoder(passwordEncoder());
            return authProvider;
        }

        @Bean
        public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfig) throws Exception {
            return authConfig.getAuthenticationManager();
        }

        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }

        @Bean
        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
            // Stateless API: no session, no CSRF token; the entry point handles auth failures.
            http.cors().and().csrf().disable()
                .exceptionHandling().authenticationEntryPoint(authEntryPointJWT).and()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests().antMatchers("/api/auth/**").permitAll()
                .antMatchers("/test/**").permitAll()
                .anyRequest().authenticated();
            http.authenticationProvider(authenticationProvider());
            // The JWT filter runs before the form-login filter so the context is set from the token.
            http.addFilterBefore(authentificationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
            return http.build();
        }
    }

The second is the filter implementation:

    import java.io.IOException;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
    import org.springframework.util.StringUtils;
    import org.springframework.web.filter.OncePerRequestFilter;

    public class AuthTokenFilter extends OncePerRequestFilter {

        @Autowired
        private JwtUtils jwtUtils;

        @Autowired
        private UserDetailsServiceImpl userDetailsService;

        @Override
        protected void doFilterInternal(HttpServletRequest request,
                                        HttpServletResponse response,
                                        FilterChain filterChain) throws ServletException, IOException {
            try {
                String jwt = parseJwt(request);
                if (jwt != null && jwtUtils.validateJwtToken(jwt)) {
                    String username = jwtUtils.getUserNameFromJwtToken(jwt);
                    UserDetails userDetails = userDetailsService.loadUserByUsername(username);
                    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
                            userDetails, null, userDetails.getAuthorities()
                    );
                    authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
                }
            } catch (Exception e) {
                // "logger" is the Commons Logging instance inherited from GenericFilterBean.
                logger.error("Cannot set user authentication", e);
            }
            // Note: the request is never handed on to the rest of the chain here.
        }

        // Extracts the raw token from an "Authorization: Bearer <token>" header, or null.
        private String parseJwt(HttpServletRequest request) {
            String headerAuth = request.getHeader("Authorization");
            if (StringUtils.hasText(headerAuth) && headerAuth.startsWith("Bearer ")) {
                return headerAuth.substring(7);
            }
            return null;
        }
    }


Here is the JWT helper class:

    import java.util.Date;
    import io.jsonwebtoken.ExpiredJwtException;
    import io.jsonwebtoken.Jwts;
    import io.jsonwebtoken.MalformedJwtException;
    import io.jsonwebtoken.SignatureAlgorithm;
    import io.jsonwebtoken.SignatureException;
    import io.jsonwebtoken.UnsupportedJwtException;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.security.core.Authentication;
    import org.springframework.stereotype.Component;

    @Component
    public class JwtUtils {
        private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);

        // Placeholder secret; a real deployment must load a strong key from configuration.
        private final String jwtSecret = "change_me";
        // Lifetime in milliseconds; the original value 3600 meant tokens expired after 3.6 seconds.
        private int jwtExpirationMs = 3_600_000;

        public String generateJwtToken(Authentication authentication) {
            UserDetailsImpl userPrincipal = (UserDetailsImpl) authentication.getPrincipal();
            return Jwts.builder()
                    .setSubject(userPrincipal.getUsername())
                    .setIssuedAt(new Date())
                    .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs))
                    .signWith(SignatureAlgorithm.HS512, jwtSecret)
                    .compact();
        }

        public String getUserNameFromJwtToken(String token) {
            return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject();
        }

        // Verifies signature, structure and expiry; any failure is logged and rejected.
        public boolean validateJwtToken(String authToken) {
            try {
                Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken);
                return true;
            } catch (SignatureException e) {
                logger.error("Invalid JWT signature: {}", e.getMessage());
            } catch (MalformedJwtException e) {
                logger.error("Invalid JWT token: {}", e.getMessage());
            } catch (ExpiredJwtException e) {
                logger.error("JWT token is expired: {}", e.getMessage());
            } catch (UnsupportedJwtException e) {
                logger.error("JWT token is unsupported: {}", e.getMessage());
            } catch (IllegalArgumentException e) {
                logger.error("JWT claims string is empty: {}", e.getMessage());
            }
            return false;
        }
    }


Here is the controller method used for authentication:

    // Method of the auth controller; authenticationManager and jwtUtils are injected fields of that controller.
    @PostMapping("/login")
    public JwtResponse authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
        // The original passed getUsername() twice; the credential must be the password.
        Authentication authentication = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));
        SecurityContextHolder.getContext().setAuthentication(authentication);
        String jwt = jwtUtils.generateJwtToken(authentication);
        UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();
        List<String> roles = userDetails.getAuthorities().stream()
                .map(item -> item.getAuthority())
                .collect(Collectors.toList());
        System.out.println(jwt); // debugging only: this writes a bearer credential to stdout/logs
        JwtResponse returnStatement = new JwtResponse(jwt, userDetails.getUsername(), roles);
        return returnStatement;
    }


Now I'm fairly sure the problem is somewhere in the request filtering process; I just can't see exactly where. Please help :)

mbzjlibv 1#

In your AuthTokenFilter implementation, in the doFilterInternal method, you never call filterChain.doFilter(request, response);. This method must always be called in a filter, otherwise the application cannot continue its filter chain and returns the default response, which in your case is 200.
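A regression test for the point made in the answer, added here as an example rather than code from the question or answer. It uses Spring's servlet mocks and Mockito and assumes the filter has been fixed by adding filterChain.doFilter(request, response); after the try/catch, so that a request without a token still reaches the chain (and hence the entry point's 401) and a request with a token reaches it with the context populated. JwtUtils and UserDetailsServiceImpl are the question's classes, mocked here; the token value is constructed.

```java
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.when;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

@ExtendWith(MockitoExtension.class)
class AuthTokenFilterTest {
    @Mock JwtUtils jwtUtils;                         // question's helper, mocked
    @Mock UserDetailsServiceImpl userDetailsService; // question's service, mocked
    @InjectMocks AuthTokenFilter filter;             // Mockito fills the @Autowired fields

    @AfterEach
    void clearContext() { SecurityContextHolder.clearContext(); }

    @Test
    void requestWithoutTokenStillReachesTheChain() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/api/private");
        MockFilterChain chain = new MockFilterChain();
        filter.doFilter(request, new MockHttpServletResponse(), chain);
        // MockFilterChain records the request only if doFilter was actually called on it.
        assertSame(request, chain.getRequest());
        // No token: context stays empty, so the entry point downstream answers 401, not 200.
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    @Test
    void validTokenPopulatesContextAndContinues() throws Exception {
        when(jwtUtils.validateJwtToken("valid-token")).thenReturn(true); // constructed token
        when(jwtUtils.getUserNameFromJwtToken("valid-token")).thenReturn("alice");
        when(userDetailsService.loadUserByUsername("alice"))
                .thenReturn(User.withUsername("alice").password("n/a").roles("USER").build());
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/api/private");
        request.addHeader("Authorization", "Bearer valid-token");
        MockFilterChain chain = new MockFilterChain();
        filter.doFilter(request, new MockHttpServletResponse(), chain);
        assertSame(request, chain.getRequest());
        assertEquals("alice", SecurityContextHolder.getContext().getAuthentication().getName());
    }
}
```

Both tests fail against the original filter, because chain.getRequest() stays null when the chain is never invoked.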
