没有调用Spring过滤器

问题描述 投票:1回答:1

我一直在关注this教程以在Spring中获得JWT身份验证,但由于某种原因,过滤器对我不起作用。我已经从Github下载了这个教程项目并且它可以工作,但是我没有,我无法弄清楚为什么......

我将在下面发布一些代码(不介意Kotlin + Java混合,我试图在java中实现安全配置,想想也许这是一个问题)

Initializer.kt

class Initializer : WebApplicationInitializer {
@Throws(ServletException::class)
override fun onStartup(container: ServletContext) {
    val context = AnnotationConfigWebApplicationContext()
    context.scan("com.newyorkcrew.server.config")
    context.scan("com.newyorkcrew.server.domain")

    val dispatcher = container.addServlet("dispatcher", DispatcherServlet(context))
    dispatcher.setLoadOnStartup(1)
    dispatcher.addMapping("/api/*")
}
}

WebConfig.kt

@Bean
fun propertySourcesPlaceholderConfigurer(): PropertySourcesPlaceholderConfigurer {
return PropertySourcesPlaceholderConfigurer()
 }

@Configuration
@Import(JPAConfig::class)
@EnableWebMvc
@ComponentScan("com.newyorkcrew.server")
@PropertySources(PropertySource(value = ["classpath:local/db.properties",     "classpath:local/security.properties"]))
open class WebConfig {

@Bean
open fun corsConfigurer(): WebMvcConfigurer {
    return object : WebMvcConfigurer {
        override fun addCorsMappings(registry: CorsRegistry?) {
            registry!!.addMapping("/**")
                    .allowedOrigins("http://localhost:4200", "http://localhost:8080", "http://localhost:8081")
                    .allowedMethods("GET", "PUT", "POST", "DELETE")
        }
    }
}
}

WebSecurity.java

    @Configuration
@EnableWebSecurity
@ComponentScan("com.newyorkcrew.server.config")
public class WebSecurity extends WebSecurityConfigurerAdapter {
    public static String SECRET;

    @Value("{security.secret}")
    private void setSECRET(String value) {
        SECRET = value;
    }

    @Value("{security.expiration}")
    public static long EXPIRATION_TIME;

    @Value("{security.header}")
    public static String HEADER;

    @Value("{security.prefix}")
    public static String PREFIX;

    public static String SIGN_UP_URL;

    @Value("${security.signupurl}")
    private void setSignUpUrl(String value) {
        SIGN_UP_URL = value;
    }

    @Autowired
    private UserDetailsService userDetailsService;

    public WebSecurity(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable().authorizeRequests()
                .antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
                .anyRequest().authenticated()
                .and()
                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
                .addFilter(new JWTAuthorizationFilter(authenticationManager()));
    }

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/api/**", new CorsConfiguration().applyPermitDefaultValues());
        return source;
    }

}

我还实现了UserDetailService,JWTAuthenticationFilter和JWTAuthorizationFilter,但是只要它们没有被击中,我认为它们并不重要。

我已经使用了一段时间的配置并且它们工作了,但是当添加SecurityConfig时,它已初始化,但过滤器由于某种原因不起作用。

如果需要更多代码,我会发布。

编辑:根据要求,执行JWTAuthenticationFilter。

open class JWTAuthenticationFilter(private val authManager: AuthenticationManager) : UsernamePasswordAuthenticationFilter() {
    override fun attemptAuthentication(request: HttpServletRequest?, response: HttpServletResponse?): Authentication {
        try {
            // Build the user DTO from the request
            val userDTO = Gson().fromJson(convertInputStreamToString(request?.inputStream), UserDTO::class.java)

            // Build the user from the DTO
            val user = UserConverter().convertDtoToModel(userDTO)

            // Try to authenticate
            return authManager.authenticate(UsernamePasswordAuthenticationToken(user.email, user.password, ArrayList()))
        } catch (e: Exception) {
            throw RuntimeException(e)
        }
    }

    override fun successfulAuthentication(request: HttpServletRequest?, response: HttpServletResponse?,
                                          chain: FilterChain?, authResult: Authentication?) {
        val token = Jwts.builder()
                .setSubject(authResult?.principal.toString())
                .setExpiration(Date(System.currentTimeMillis() + EXPIRATION_TIME))
                .signWith(SignatureAlgorithm.HS512, SECRET.toByteArray())
                .compact()
        response?.addHeader(HEADER, "$PREFIX $token")
    }
}

任何帮助表示赞赏。

java spring spring-mvc spring-security jwt
1个回答
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.