我正在使用 SQL Server 2019 进行 Spring Boot Web 应用程序。现在我正在尝试使用 Spring Security 进行 JWT 身份验证和授权,但我的
SecurityConfig.java
的 requestMatchers 出现错误:
我不知道为什么会发生这种情况,因为我看到很多人使用 requestMatchers 并且运行良好,上面没有红线。 这是 SecurityConfig.java:AbstractRequestMatcherRegistry 类型中的 requestMatchers(RequestMatcher...) 方法不适用于参数 (String, String)Java(67108979)
package com.example.demologin.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import com.example.demologin.filter.JwtAuthenticationFilter;
import com.example.demologin.service.UserDetailsServiceImp;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
private final UserDetailsServiceImp userDetailsServiceImp;
private final JwtAuthenticationFilter jwtAuthenticationFilter;
private final CustomLogoutHandler logoutHandler;
public SecurityConfig(UserDetailsServiceImp userDetailsServiceImp,
JwtAuthenticationFilter jwtAuthenticationFilter,
CustomLogoutHandler logoutHandler) {
this.userDetailsServiceImp = userDetailsServiceImp;
this.jwtAuthenticationFilter = jwtAuthenticationFilter;
this.logoutHandler = logoutHandler;
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
return http
.csrf(AbstractHttpConfigurer::disable)
.authorizeHttpRequests(
req->req.requestMatchers("/login/**","/register/**")
.permitAll()
.requestMatchers("/admin_only/**").hasAuthority("ADMIN")
.anyRequest()
.authenticated()
).userDetailsService(userDetailsServiceImp)
.sessionManagement(session->session
.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
.exceptionHandling(
e->e.accessDeniedHandler(
(request, response, accessDeniedException)->response.setStatus(403)
)
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
.logout(l->l
.logoutUrl("/logout")
.addLogoutHandler(logoutHandler)
.logoutSuccessHandler((request, response, authentication) -> SecurityContextHolder.clearContext()
))
.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration configuration) throws Exception {
return configuration.getAuthenticationManager();
}
}
这是我的 pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.7.18</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>demologin</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demologin</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>11</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>3.2.5</version>
</dependency>
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>mssql-jdbc</artifactId>
<version>9.4.0.jre11</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-api</artifactId>
<version>0.12.3</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-impl</artifactId>
<version>0.12.3</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.12.3</version>
<scope>runtime</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
这是我完整的src代码:https://github.com/phuccoder/demojwt.git
req.antMatchers("/login", "/register")
req.requestMatchers(new AntPathRequestMatcher("/login"), new AntPathRequestMatcher("/register"))
SecurityConfig.securityFilterChain()
。您使用
403
获得
antMatchers
状态代码的原因是因为您实现
JwtAuthenticationFilter
的方式始终需要
Authorization
标头,如果您不提供它,您将得到一个
NullPointerException
导致到错误。您的实现中可能存在一些逻辑流程,例如要求注册和登录都经过身份验证(即如果用户尚未注册,如何进行身份验证?)或检测到
JwtAuthenticationFilter.doFilterInternal()
时立即返回
Authorization: Bearer
标题(这可能不是你想要的)。此外,当你应该做
AuthenticationService.register()
user.setRole(user.getRole())
,这肯定存在一个错误