JWT的Spring Security [英] Spring Security with JWT

问题描述

我正在尝试使用JWT开发Spring Security项目. 我想在没有Spring Security的情况下(没有JWT令牌)访问Login api.但是使用下面的配置，每次(对于登录api而言)每次都在检查JWT令牌，这给了我403错误.

I am trying to develop Spring Security project with JWT. I want access Login api with out Spring Security (without JWT token). But with below configuration, every time (for login api as well) it is checking for JWT token giving me 403 error.

下面是我的WebSecurityConfig.

Below is my WebSecurityConfig.

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
private JwtAuthFilter jwtAuthFilter;

@Autowired
private TokenAuthenticationService jwtAuthenticationProvider;

@Override
public void configure(AuthenticationManagerBuilder auth)  throws Exception {
    auth.authenticationProvider(jwtAuthenticationProvider);
}



@Override
protected void configure(HttpSecurity http) throws Exception {

    http.csrf().ignoringAntMatchers("/api/v1/login");
    http.csrf().disable();

    http.authorizeRequests()
            .antMatchers("/api/v1/login")
            .permitAll()
            .and()
            .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
}

}

预先感谢

推荐答案

在调用每个服务之前，都会执行名为JwtAuthFilter的过滤器类.

There is filter class named JwtAuthFilter that is being executed before every service you call.

.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class) 

此代码提供了在每个请求之前执行过滤器的方法，但是没关系，您必须看到此FilterClass必须进行一些检查，如果令牌不存在，则必须返回过滤器类，并且请求将直接转到登录服务.如果您可以显示Filter类，我会为您提供帮助.

this code provides to be executed filter before every request, but its okay, you have to see this FilterClass there must be some check if token doesnt exist filter class must be returned and request will directly go to the login service. if you can show that Filter class and I will help you.

这篇关于JWT的Spring Security的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！