当前位置: 首页 > 知识库问答 >
问题:

获取未授权错误:访问此资源需要完全身份验证

连时铭
2023-03-14

我正在应用程序中实现JWTspring安全进行身份验证。

我有3个角色:管理员,版主和用户。

例如,在使用user role登录之后,我得到了主页,但是当我通过点击一个按钮访问用户空间时,我得到了:

2020-09-04 09:01:22.819错误10148---[nio-8080-exec-5]C.B.S.Security.jwt.AuthentryPointJwt:未经授权的错误:访问此资源需要完全身份验证

文件WebSecurityConfig.java是:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(
        // securedEnabled = true,
        // jsr250Enabled = true,
        prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserDetailsServiceImpl userDetailsService;

    @Autowired
    private AuthEntryPointJwt unauthorizedHandler;

    @Bean
    public AuthTokenFilter authenticationJwtTokenFilter() {
        return new AuthTokenFilter();
    }

    @Override
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable()
            .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests().antMatchers("/api/auth/**").permitAll()
            .antMatchers("/api/test/**").permitAll()
            .anyRequest().authenticated();

        http.addFilterBefore(authenticationJwtTokenFilter(), UsernamePasswordAuthenticationFilter.class);
    }
}

>

  • 类AuthEntryPointJwt为:

    @Component公共类AuthEntryPointJwt实现AuthenticationEntryPoint{

      private static final Logger logger = LoggerFactory.getLogger(AuthEntryPointJwt.class);
    
      @Override
      public void commence(HttpServletRequest request, HttpServletResponse response,
              AuthenticationException authException) throws IOException, ServletException {
          logger.error("Unauthorized error: {}", authException.getMessage());
          response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Error: Unauthorized");
      }
    

    }

    类AuthTokenFilter为:

    公共类AuthTokenFilter扩展OncePerRequestFilter{@Autowired private JwtUtils JwtUtils;

      @Autowired
      private UserDetailsServiceImpl userDetailsService;
    
      private static final Logger logger = LoggerFactory.getLogger(AuthTokenFilter.class);
    
      @Override
      protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
              throws ServletException, IOException {
          try {
              String jwt = parseJwt(request);
              if (jwt != null && jwtUtils.validateJwtToken(jwt)) {
                  String username = jwtUtils.getUserNameFromJwtToken(jwt);
    
                  UserDetails userDetails = userDetailsService.loadUserByUsername(username);
                  UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
                          userDetails, null, userDetails.getAuthorities());
                  authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
    
                  SecurityContextHolder.getContext().setAuthentication(authentication);
              }
          } catch (Exception e) {
              logger.error("Cannot set user authentication: {}", e);
          }
    
          filterChain.doFilter(request, response);
      }
    
      private String parseJwt(HttpServletRequest request) {
          String headerAuth = request.getHeader("Authorization");
    
          if (StringUtils.hasText(headerAuth) && headerAuth.startsWith("Bearer ")) {
              return headerAuth.substring(7, headerAuth.length());
          }
    
          return null;
      }
    

    }

    类JwtUtils是:

    @component公共类JwtUtils{private static final Logger Logger=loggerfactory.getLogger(JwtUtils.class);

      @Value("${bezkoder.app.jwtSecret}")
      private String jwtSecret;
    
      @Value("${bezkoder.app.jwtExpirationMs}")
      private int jwtExpirationMs;
    
      public String generateJwtToken(Authentication authentication) {
    
          UserDetailsImpl userPrincipal = (UserDetailsImpl) authentication.getPrincipal();
    
          return Jwts.builder()
                  .setSubject((userPrincipal.getUsername()))
                  .setIssuedAt(new Date())
                  .setExpiration(new Date((new Date()).getTime() + jwtExpirationMs))
                  .signWith(SignatureAlgorithm.HS512, jwtSecret)
                  .compact();
      }
    
      public String getUserNameFromJwtToken(String token) {
          return Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(token).getBody().getSubject();
      }
    
      public boolean validateJwtToken(String authToken) {
          try {
              Jwts.parser().setSigningKey(jwtSecret).parseClaimsJws(authToken);
              return true;
          } catch (SignatureException e) {
              logger.error("Invalid JWT signature: {}", e.getMessage());
          } catch (MalformedJwtException e) {
              logger.error("Invalid JWT token: {}", e.getMessage());
          } catch (ExpiredJwtException e) {
              logger.error("JWT token is expired: {}", e.getMessage());
          } catch (UnsupportedJwtException e) {
              logger.error("JWT token is unsupported: {}", e.getMessage());
          } catch (IllegalArgumentException e) {
              logger.error("JWT claims string is empty: {}", e.getMessage());
          }
    
          return false;
      }
    

    }

    类AuthController为:

    @crossorigin(origins=“*”,maxAge=3600)@restcontroller@requestmapping(“/api/auth”)公共类AuthController{@autowired AuthenticationManager AuthenticationManager;

          @Autowired
          UserRepository userRepository;
    
          @Autowired
          RoleRepository roleRepository;
    
          @Autowired
          PasswordEncoder encoder;
    
          @Autowired
          JwtUtils jwtUtils;
    
          @PostMapping("/signin")
          public ResponseEntity<?> authenticateUser(@Valid @RequestBody LoginRequest loginRequest) {
    
              System.out.println("---------------- auth 1 ");
              Authentication authentication = authenticationManager.authenticate(
                      new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest.getPassword()));
    
              SecurityContextHolder.getContext().setAuthentication(authentication);
              String jwt = jwtUtils.generateJwtToken(authentication);
    
              UserDetailsImpl userDetails = (UserDetailsImpl) authentication.getPrincipal();      
              List<String> roles = userDetails.getAuthorities().stream()
                      .map(item -> item.getAuthority())
                      .collect(Collectors.toList());
    
              return ResponseEntity.ok(new JwtResponse(jwt, 
                                                       userDetails.getId(), 
                                                       userDetails.getUsername(), 
                                                       userDetails.getEmail(), 
                                                       roles));
          }
    
    
    
          @GetMapping("/user")
          @PreAuthorize("hasRole('USER') or hasRole('MODERATOR') or hasRole('ADMIN')")
          public String userAccess()
          {
              System.out.println("---------------- test User ");
              return "User Content.";
          }
      }
    

    文件application.properties,我放入:

    spring.datasource.url=...
    spring.datasource.username=...
    spring.datasource.password=...
    spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation= true
    spring.jpa.properties.hibernate.dialect=...
    spring.jpa.hibernate.ddl-auto=update
    bezkoder.app.jwtSecret= bezKoderSecretKey
    bezkoder.app.jwtExpirationMs= 86400000
    

    在浏览器控制台,我得到了这个例外。

    你能帮我解决那个问题吗?。非常感谢。

  • 共有1个答案

    颛孙晗昱
    2023-03-14

    您应该注释@preauthorize(“hasRole('User')或hasRole('Moderator')或hasRole('Admin')”)

    说说结果?。

     类似资料: