JWTAuthenticationFilter

JWTAuthenticationFilter

我正在使用spring-boot(使用JWT和spring security),并且在spring-boot中使用以下代码有一个类configSecurity:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        http.authorizeRequests().antMatchers("/login/**").permitAll();
        http.authorizeRequests().antMatchers(HttpMethod.GET,"/ListProjects/**").hasAuthority("ADMIN");
        http.authorizeRequests().anyRequest().authenticated()
                .and()
                .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint());
        http.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll(); //allow CORS option calls
       http.addFilter(new JWTAuthenticationFilter(authenticationManager()));
 http.addFilterBefore(new JWTAutorizationFilter(), UsernamePasswordAuthenticationFilter.class);
    }


还有一个类:JWTAuthenticationFilter.java,它包含contsructor:

 @Autowired
 public JWTAuthenticationFilter(AuthenticationManager authenticationManager)
  {
      this.authenticationManager = authenticationManager;
  }


我的目标是更改securityConfig中的行:

  http.addFilter(new JWTAuthenticationFilter(authenticationManager()));


变成这样的东西:

http.addFilter(jwtAuthenticationFilter.SetJWTAuthenticationFilter(authenticationManager());


所以我在SecurityConfig类中添加了Annocation @Autoweird,如下所示:

@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;


所以我不知道如何在JWTAuthenticationFilter.java中制作此方法,
我做了这样的事情:

          @Autowired
          public JWTAuthenticationFilter SetJWTAuthenticationFilter(AuthenticationManager authenticationManager) {
          this.authenticationManager = authenticationManager;
          return  // (1)
       }


(1):那么在这种情况下我应该返回什么?我不想使用诸如新的JWTAuthenticationFilter()之类的东西。,有什么主意吗?还是我没有以正确的方式来做..?

编辑

添加这些更改后,我无法对用户进行身份验证,因此无法获取每个用户的令牌,我认为问题与新类有关,我添加了新类,该类实现了返回null的方法

 import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;

@Configuration
public class CustomAuthManager implements AuthenticationManager {

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return null;
    }


}


任何想法 ??

最佳答案

那部分代码

 @Autowired
 public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
      this.authenticationManager = authenticationManager;
  }


意味着如果将JWTAuthenticationFilter创建为Spring组件(而不是通过调用new),则AuthenticationManager将自动自动连接到该类中,并且您无需运行任何类型的setter。

您的authenticationManager()方法在做什么?如果仅创建@Bean的新AuthenticationManager,则可以在单独的类中进行操作,它将自动自动连接到JWTAuthenticationFilter

可能的解决方案:
1.创建课程:

@Configuration
public class CustomAuthManager implements AuthenticationManager {
...
}


2.添加到SecurityConfig

@Autowired
private JWTAuthenticationFilter jwtAuthenticationFilter;


并使用http.addFilter(jwtAuthenticationFilter);
3.保持JWTAuthenticationFilter不变。

09-15 16:53