401 JWT Token not found

Problem description

I provided two versions of the security.yaml file. The second version is according to the API Platform documentation. API Platform points to creating a custom user provider. For the second option of security.yaml, recommended in the API Platform docs, I need to create two additional files. I did not attach them to the topic, but will do so if necessary.

But I think that the problem is in JWT.

Environment:

  • Node v8.9.4
  • Chrome 64.0.3282.119
  • Ubuntu 16.04
  • axios version: 0.16.2
  • Vue.js 2.4.2
  • vue-axios 2.0.2
  • api-platform/api-pack: 1.0
  • Symfony 4.0.4
<?php

namespace App\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Table(name="app_users")
 * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
 */
class User implements UserInterface, \Serializable
{
    /**
     * @ORM\Column(type="integer")
     * @ORM\Id
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=25, unique=true)
     */
    private $username;

    /**
     * @ORM\Column(type="string", length=64)
     */
    private $password;

    /**
     * @ORM\Column(type="string", length=60, unique=true)
     */
    private $email;

    /**
     * @ORM\Column(name="is_active", type="boolean")
     */
    private $isActive;

    public function __construct() // add $username
    {
        $this->isActive = true;
    }

    public function getUsername()
    {
        return $this->username;
    }

    public function getSalt()
    {
        // you *may* need a real salt depending on your encoder
        // see section on salt below
        return null;
    }

    public function getPassword()
    {
        return $this->password;
    }

    public function getRoles()
    {
        return array('ROLE_ADMIN');
    }

    public function eraseCredentials()
    {
    }

    /** @see \Serializable::serialize() */
    public function serialize()
    {
        return serialize(array(
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt,
        ));
    }

    /** @see \Serializable::unserialize() */
    public function unserialize($serialized)
    {
        list (
            $this->id,
            $this->username,
            $this->password,
            // see section on salt below
            // $this->salt
        ) = unserialize($serialized);
    }
}

First option security.yaml

security:

    encoders:
        App\Entity\User:
            algorithm: bcrypt

    providers:

        our_db_provider:
            entity:
                class: App\Entity\User
                property: username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            provider: our_db_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

Second option security.yaml

security:

    encoders:
        App\Entity\User:
            algorithm: bcrypt

        App\Security\User\WebserviceUser: bcrypt

    providers:

        our_db_provider:
            entity:
                class: App\Entity\User
                property: username

        webservice:
            id: App\Security\User\WebserviceUserProvider

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            provider: webservice
            form_login:
                check_path:               /api/login_check
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false

        api:
            pattern:   ^/api
            stateless: true
            provider: our_db_provider
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
    access_control:
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

Headers

###> lexik/jwt-authentication-bundle ###
# Key paths should be relative to the project directory 
JWT_PRIVATE_KEY_PATH=var/jwt/private.pem
JWT_PUBLIC_KEY_PATH=var/jwt/public.pem
JWT_PASSPHRASE=d70414362252a41ce772dff4823d084d
###< lexik/jwt-authentication-bundle ###

lexik_jwt_authentication.yaml

lexik_jwt_authentication:
    private_key_path: '%kernel.project_dir%/%env(JWT_PRIVATE_KEY_PATH)%'
    public_key_path:  '%kernel.project_dir%/%env(JWT_PUBLIC_KEY_PATH)%'
    pass_phrase:      '%env(JWT_PASSPHRASE)%'

Recommended answer

The problem is the encrypted private key.

A private key is normally encrypted and protected with a passphrase or password before the private key is transmitted or sent. When you receive an encrypted private key, you must decrypt the private key in order to use it.

To identify whether a private key is encrypted or not, open the private key in any text editor. An encrypted key has first few lines that are similar to the following, with the word ENCRYPTED:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,AB8E2B5B2D989271273F6730B6F9C687
------
------
------
-----END RSA PRIVATE KEY-----

On the other hand, an unencrypted key will have the following format:

-----BEGIN RSA PRIVATE KEY-----
------
------
------
-----END RSA PRIVATE KEY-----

An encrypted key cannot be used directly in applications in most scenarios. It must be decrypted first.

OpenSSL in Linux is the easiest way to decrypt an encrypted private key. Use the following command to decrypt an encrypted RSA key:

openssl rsa -in ssl.key.secure -out ssl.key

Make sure to replace "server.key.secure" with the filename of your encrypted key, and "server.key" with the file name that you want for your encrypted output key file.

If the encrypted key is protected by a passphrase or password, enter the pass phrase when prompted.

Once done, you will notice that the ENCRYPTED wording in the file has gone.

If I had not used Postman, I would not have seen the Symfony error, which helped me find the root of the problem. It would be nice if Lexik LexikJWTAuthenticationBundle handled this error.
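
An added example, not part of the original answer: the text-editor check described above, done from the shell. It goes beyond the answer by also recognising the PKCS#8 "ENCRYPTED PRIVATE KEY" form and by testing whether the exported JWT_PASSPHRASE actually opens the key. The function names and the script name are made up for this example.

```sh
#!/bin/sh
# Added example: inspect the key LexikJWTAuthenticationBundle is configured to load.
# Function names are hypothetical; only the PEM armor lines are read, never printed.

# Prints: encrypted-pkcs8 | encrypted-traditional | unencrypted | not-a-private-key
pem_key_state() {
    key_file=$1
    [ -r "$key_file" ] || { echo "unreadable: $key_file" >&2; return 2; }
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key_file"; then
        echo "encrypted-pkcs8"            # PKCS#8: the armor line itself says so
    elif grep -Eq -e '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$key_file"; then
        # Traditional format: encryption is signalled by the Proc-Type header
        if grep -q -e '^Proc-Type: 4,ENCRYPTED' "$key_file"; then
            echo "encrypted-traditional"
        else
            echo "unencrypted"
        fi
    else
        echo "not-a-private-key"
    fi
}

# Returns 0 if the exported JWT_PASSPHRASE opens the key, non-zero if it does
# not, 3 if openssl is not installed. env: keeps the passphrase out of argv.
passphrase_opens_key() {
    command -v openssl >/dev/null 2>&1 || return 3
    openssl pkey -in "$1" -passin env:JWT_PASSPHRASE -noout >/dev/null 2>&1
}

# Usage (script name is hypothetical): sh check_jwt_key.sh var/jwt/private.pem
if [ "$#" -ge 1 ]; then
    state=$(pem_key_state "$1") || exit 2
    echo "$1: $state"
    case $state in
        encrypted-*)
            if passphrase_opens_key "$1"; then
                echo "JWT_PASSPHRASE opens the key"
            else
                echo "JWT_PASSPHRASE did not open the key (or openssl is missing)"
            fi ;;
        unencrypted)
            echo "key is stored in the clear; restrict it with chmod 600" ;;
    esac
fi
```

JWT_PASSPHRASE must be exported in the shell that runs the check, with the same value the application reads from .env.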
