Мобильная версияЯ использую jjwt-api 0.12.6 для генерации токена jwt с использованием Java 21. при создании токена от почтальона я получаю код ошибки 403, но в консоли я получаю ожидаемый зарегистрированный токен, и этот токен нельзя использовать для защищенные API-интерфейсы также выдают 403 с исключением неправильного токена. Я несколько раз проверял сквозную реализацию, но не смог обнаружить никаких расхождений.
Ниже приведен журнал для конечной точки /create-token.
************************************************************
Request received for POST '/create-token':
org.apache.catalina.connector.RequestFacade@1d2c4879
servletPath:/create-token
pathInfo:null
headers:
content-type: application/json
user-agent: PostmanRuntime/7.39.0
accept: */*
postman-token: 351883fe-79a7-478a-833c-81b7cb446b4c
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive
content-length: 69
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextHolderFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
JwtAuthFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
AuthorizationFilter
]
************************************************************
Hibernate: select u1_0.id,u1_0.email,u1_0.password,u1_0.roles,u1_0.username from user u1_0 where u1_0.email=?
2024-07-03T05:37:11.911+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] c.c.b.CRM.System.filter.JwtService : Generating token for username: user1@example.com
2024-07-03T05:37:11.938+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] c.c.b.CRM.System.filter.JwtService : Generated Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMUBleGFtcGxlLmNvbSIsImlhdCI6MTcxOTk2NTIzMSwiZXhwIjoxNzE5OTY1ODMxfQ.4eijNospa61Bjb5WUfqOt1PbY6luS4GdWy5rLmXZPeSvnJV27uXCgiPi2hZUzetLnpZXwNRscXQSB_KoftfzVw
2024-07-03T05:37:11.955+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] Spring Security Debugger :
************************************************************
Request received for POST '/eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMUBleGFtcGxlLmNvbSIsImlhdCI6MTcxOTk2NTIzMSwiZXhwIjoxNzE5OTY1ODMxfQ.4eijNospa61Bjb5WUfqOt1PbY6luS4GdWy5rLmXZPeSvnJV27uXCgiPi2hZUzetLnpZXwNRscXQSB_KoftfzVw':
SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@453ba642]
servletPath:/eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMUBleGFtcGxlLmNvbSIsImlhdCI6MTcxOTk2NTIzMSwiZXhwIjoxNzE5OTY1ODMxfQ.4eijNospa61Bjb5WUfqOt1PbY6luS4GdWy5rLmXZPeSvnJV27uXCgiPi2hZUzetLnpZXwNRscXQSB_KoftfzVw
pathInfo:null
headers:
content-type: application/json
user-agent: PostmanRuntime/7.39.0
accept: */*
postman-token: 351883fe-79a7-478a-833c-81b7cb446b4c
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive
content-length: 69
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextHolderFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
JwtAuthFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
AuthorizationFilter
]
************************************************************
2024-07-03T05:37:11.955+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] Spring Security Debugger :
************************************************************
Request received for POST '/error':
org.apache.catalina.core.ApplicationHttpRequest@31b0b42d
servletPath:/error
pathInfo:null
headers:
content-type: application/json
user-agent: PostmanRuntime/7.39.0
accept: */*
postman-token: 351883fe-79a7-478a-833c-81b7cb446b4c
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive
content-length: 69
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextHolderFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
JwtAuthFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
AuthorizationFilter
]
************************************************************
мой класс обслуживания jwt
package com.crmsystem.backend.CRM.System.filter;
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import javax.crypto.SecretKey;
import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@Component
public class JwtService {
private static final Logger logger = LoggerFactory.getLogger(JwtService.class);
SecretKey key = Jwts.SIG.HS512.key().build(); //or HS384.key() or HS512.key())
String secretString = Encoders.BASE64.encode(key.getEncoded());
public String generateToken(String username) {
logger.info("Generating token for username: {}", username);
Map claims = new HashMap();
String token = createToken(claims, username);
logger.info("Generated Token: {}", token);
return token;
}
private String createToken(Map claims, String username) {
logger.debug("Creating token with claims: {} and username: {}", claims, username);
return Jwts.builder()
.claims(claims)
.subject(username)
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + 1000 * 60 * 10))
.signWith(getSignKey())
.compact();
}
public String getUserNameFromJwtToken(String token)
{
return Jwts.parser()
.verifyWith((SecretKey) getSignKey())
.build().parseSignedClaims(token)
.getPayload().getSubject();
}
private Key getSignKey() {
logger.debug("Decoding secret key");
SecretKey key=Keys.hmacShaKeyFor(Decoders.BASE64.decode(secretString));
return key;
}
public boolean validateJwtToken(String authToken)
{
try{
System.out.println("Validate");
Jwts.parser().verifyWith((SecretKey) getSignKey()).build()
.parseSignedClaims(authToken);
return true;
}catch (MalformedJwtException e)
{
logger.error("Invalid JWT token: {}",e.getMessage());
}
catch(ExpiredJwtException e)
{
logger.error("JWT token is expired: {}",e.getMessage());
}
catch (UnsupportedJwtException e)
{
logger.error("JWT token is unsupported: {}",e.getMessage());
}
catch (IllegalArgumentException e)
{
logger.error("JWT claims string is empty: {}",e.getMessage());
}
return false;
}
}
Класс фильтра
package com.crmsystem.backend.CRM.System.filter;
import com.crmsystem.backend.CRM.System.config.UserInfoUserDetailsService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class JwtAuthFilter extends OncePerRequestFilter {
@Autowired
private JwtService jwtService;
@Autowired
private UserInfoUserDetailsService detailsService;
private static final Logger logger = LoggerFactory.getLogger(JwtAuthFilter.class);
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String authheader = request.getHeader("Authorization");
String token = null;
String username = null;
if (authheader != null && authheader.startsWith("Bearer ")) {
token = authheader.substring(7);
username = jwtService.getUserNameFromJwtToken(token);
}
logger.debug("JwtAuthFilter called for URI: {}", request.getRequestURI());
try {
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = detailsService.loadUserByUsername(username);
if (jwtService.validateJwtToken(token)) {
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authToken);
}
}
}catch (Exception e)
{
logger.error("Cannot set user authentication: {} ",e);
}
filterChain.doFilter(request,response);
}
}
Класс конфигурации
package com.crmsystem.backend.CRM.System.config;
import com.crmsystem.backend.CRM.System.filter.JwtAuthFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
@Autowired
private JwtAuthFilter jwtAuthFilter;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception
{
http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests((request) -> request.requestMatchers("/create-token","/register").permitAll()
.anyRequest().authenticated());
http.sessionManagement((session)->session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.authenticationProvider(authenticationProvider());
http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
//http.httpBasic((Customizer.withDefaults()));
//http.formLogin(Customizer.withDefaults());
//http.headers((headers)->headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin));
return http.build();
}
@Bean
public UserDetailsService userDetailsService() {
//Create User using inBuilt UserDetails Class
// UserDetails user1 = User.withUsername("user1")
// .password(passwordEncoder().encode("$2a$10$OK.lOSLZn0HXeq7VoCRkBeuypTifSfVIvc6B2Go6Zxp2c9Fc/nUGe"))
// .roles("USER")
// .build();
//
// UserDetails user2 = User.withUsername("user2")
// .password(passwordEncoder().encode("$2a$10$qEtlZo9lakqVHRXcuJeENul4nkhE.tDmB1FjxrjvPaBUw3S/9bsue"))
// .roles("ADMIN")
// .build();
//Fetch the user's info from database
return new UserInfoUserDetailsService();
}
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationProvider authenticationProvider()
{
DaoAuthenticationProvider daoAuthenticationProvider=new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService());
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception
{
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.debug(true);
}
@Bean
public StrictHttpFirewall allowUrlEncodedSlashHttpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowUrlEncodedSlash(true);
return firewall;
}
}
Класс контроллера
package com.crmsystem.backend.CRM.System.controller;
import com.crmsystem.backend.CRM.System.filter.JwtService;
import com.crmsystem.backend.CRM.System.Services.UserService;
import com.crmsystem.backend.CRM.System.dto.AuthRequest;
import com.crmsystem.backend.CRM.System.entities.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.util.*;
@Controller
public class UserController {
@Autowired
private UserService userService;
@Autowired
private JwtService jwtService;
@Autowired
private AuthenticationManager authenticationManager;
@PostMapping("/register")
public ResponseEntity register(@RequestBody List users) {
if (users.isEmpty()) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
}
List registeredUsers = new ArrayList();
for (User user : users) {
registeredUsers.add(userService.registerUsers(user));
}
return ResponseEntity.ok(registeredUsers);
}
@PostMapping("/user-login")
@PreAuthorize("hasRole('ROLE_USER')")
public ResponseEntity login(@RequestBody Map credentials) {
if(!credentials.containsKey("username") || !credentials.containsKey("password"))
{
return ResponseEntity.status((HttpStatus.BAD_REQUEST)).build();
}
String username = credentials.get("username");
String password = credentials.get("password");
User loggedInUser = userService.loginUser(username, password);
return ResponseEntity.ok(loggedInUser);
}
@GetMapping("/getAllUser")
@PreAuthorize("hasRole('ROLE_ADMIN')")
public ResponseEntity getAllUser()
{
List users=userService.getAllUser();
if(users.isEmpty())
{
return ResponseEntity.status((HttpStatus.BAD_REQUEST)).build();
}
return ResponseEntity.ok(users);
}
@GetMapping("/getUserById/{userId}")
@PreAuthorize("hasRole('USER')")
public ResponseEntity getUserByUserId(@PathVariable long userId)
{
Optional user=userService.getUserById(userId);
if(user.isEmpty())
{
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
}
return ResponseEntity.ok(user);
}
@PostMapping("/create-token")
public String authenticateAndGetToken(@RequestBody AuthRequest authRequest)
{
Authentication authentication=authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authRequest.getUsername(),authRequest.getPassword()));
if(authentication.isAuthenticated())
{
return jwtService.generateToken(authRequest.getUsername());
}
else {
throw new UsernameNotFoundException("invalid user request");
}
}
}
Подробнее здесь: https://stackoverflow.com/questions/786 ... -boot-usin
Получение кода ошибки 403 в почтальоне при создании токена JWT при весенней загрузке с использованием Java 21 ⇐ JAVA
Программисты JAVA общаются здесь
1719979801
Anonymous
Я использую jjwt-api 0.12.6 для генерации токена jwt с использованием Java 21. при создании токена от почтальона я получаю код ошибки 403, но в консоли я получаю ожидаемый зарегистрированный токен, и этот токен нельзя использовать для защищенные API-интерфейсы также выдают 403 с исключением неправильного токена. Я несколько раз проверял сквозную реализацию, но не смог обнаружить никаких расхождений.
Ниже приведен журнал для конечной точки /create-token.
************************************************************
Request received for POST '/create-token':
org.apache.catalina.connector.RequestFacade@1d2c4879
servletPath:/create-token
pathInfo:null
headers:
content-type: application/json
user-agent: PostmanRuntime/7.39.0
accept: */*
postman-token: 351883fe-79a7-478a-833c-81b7cb446b4c
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive
content-length: 69
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextHolderFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
JwtAuthFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
AuthorizationFilter
]
************************************************************
Hibernate: select u1_0.id,u1_0.email,u1_0.password,u1_0.roles,u1_0.username from user u1_0 where u1_0.email=?
2024-07-03T05:37:11.911+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] c.c.b.CRM.System.filter.JwtService : Generating token for username: user1@example.com
2024-07-03T05:37:11.938+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] c.c.b.CRM.System.filter.JwtService : Generated Token: eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMUBleGFtcGxlLmNvbSIsImlhdCI6MTcxOTk2NTIzMSwiZXhwIjoxNzE5OTY1ODMxfQ.4eijNospa61Bjb5WUfqOt1PbY6luS4GdWy5rLmXZPeSvnJV27uXCgiPi2hZUzetLnpZXwNRscXQSB_KoftfzVw
2024-07-03T05:37:11.955+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] Spring Security Debugger :
************************************************************
Request received for POST '/eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMUBleGFtcGxlLmNvbSIsImlhdCI6MTcxOTk2NTIzMSwiZXhwIjoxNzE5OTY1ODMxfQ.4eijNospa61Bjb5WUfqOt1PbY6luS4GdWy5rLmXZPeSvnJV27uXCgiPi2hZUzetLnpZXwNRscXQSB_KoftfzVw':
SecurityContextHolderAwareRequestWrapper[ org.springframework.security.web.header.HeaderWriterFilter$HeaderWriterRequest@453ba642]
servletPath:/eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ1c2VyMUBleGFtcGxlLmNvbSIsImlhdCI6MTcxOTk2NTIzMSwiZXhwIjoxNzE5OTY1ODMxfQ.4eijNospa61Bjb5WUfqOt1PbY6luS4GdWy5rLmXZPeSvnJV27uXCgiPi2hZUzetLnpZXwNRscXQSB_KoftfzVw
pathInfo:null
headers:
content-type: application/json
user-agent: PostmanRuntime/7.39.0
accept: */*
postman-token: 351883fe-79a7-478a-833c-81b7cb446b4c
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive
content-length: 69
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextHolderFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
JwtAuthFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
AuthorizationFilter
]
************************************************************
2024-07-03T05:37:11.955+05:30 INFO 3420 --- [CRM-System] [nio-8080-exec-1] Spring Security Debugger :
************************************************************
Request received for POST '/error':
org.apache.catalina.core.ApplicationHttpRequest@31b0b42d
servletPath:/error
pathInfo:null
headers:
content-type: application/json
user-agent: PostmanRuntime/7.39.0
accept: */*
postman-token: 351883fe-79a7-478a-833c-81b7cb446b4c
host: localhost:8080
accept-encoding: gzip, deflate, br
connection: keep-alive
content-length: 69
Security filter chain: [
DisableEncodeUrlFilter
WebAsyncManagerIntegrationFilter
SecurityContextHolderFilter
HeaderWriterFilter
CorsFilter
LogoutFilter
JwtAuthFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
AuthorizationFilter
]
************************************************************
мой класс обслуживания jwt
package com.crmsystem.backend.CRM.System.filter;
import io.jsonwebtoken.*;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import javax.crypto.SecretKey;
import java.security.Key;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@Component
public class JwtService {
private static final Logger logger = LoggerFactory.getLogger(JwtService.class);
SecretKey key = Jwts.SIG.HS512.key().build(); //or HS384.key() or HS512.key())
String secretString = Encoders.BASE64.encode(key.getEncoded());
public String generateToken(String username) {
logger.info("Generating token for username: {}", username);
Map claims = new HashMap();
String token = createToken(claims, username);
logger.info("Generated Token: {}", token);
return token;
}
private String createToken(Map claims, String username) {
logger.debug("Creating token with claims: {} and username: {}", claims, username);
return Jwts.builder()
.claims(claims)
.subject(username)
.issuedAt(new Date(System.currentTimeMillis()))
.expiration(new Date(System.currentTimeMillis() + 1000 * 60 * 10))
.signWith(getSignKey())
.compact();
}
public String getUserNameFromJwtToken(String token)
{
return Jwts.parser()
.verifyWith((SecretKey) getSignKey())
.build().parseSignedClaims(token)
.getPayload().getSubject();
}
private Key getSignKey() {
logger.debug("Decoding secret key");
SecretKey key=Keys.hmacShaKeyFor(Decoders.BASE64.decode(secretString));
return key;
}
public boolean validateJwtToken(String authToken)
{
try{
System.out.println("Validate");
Jwts.parser().verifyWith((SecretKey) getSignKey()).build()
.parseSignedClaims(authToken);
return true;
}catch (MalformedJwtException e)
{
logger.error("Invalid JWT token: {}",e.getMessage());
}
catch(ExpiredJwtException e)
{
logger.error("JWT token is expired: {}",e.getMessage());
}
catch (UnsupportedJwtException e)
{
logger.error("JWT token is unsupported: {}",e.getMessage());
}
catch (IllegalArgumentException e)
{
logger.error("JWT claims string is empty: {}",e.getMessage());
}
return false;
}
}
Класс фильтра
package com.crmsystem.backend.CRM.System.filter;
import com.crmsystem.backend.CRM.System.config.UserInfoUserDetailsService;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class JwtAuthFilter extends OncePerRequestFilter {
@Autowired
private JwtService jwtService;
@Autowired
private UserInfoUserDetailsService detailsService;
private static final Logger logger = LoggerFactory.getLogger(JwtAuthFilter.class);
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
String authheader = request.getHeader("Authorization");
String token = null;
String username = null;
if (authheader != null && authheader.startsWith("Bearer ")) {
token = authheader.substring(7);
username = jwtService.getUserNameFromJwtToken(token);
}
logger.debug("JwtAuthFilter called for URI: {}", request.getRequestURI());
try {
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
UserDetails userDetails = detailsService.loadUserByUsername(username);
if (jwtService.validateJwtToken(token)) {
UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(authToken);
}
}
}catch (Exception e)
{
logger.error("Cannot set user authentication: {} ",e);
}
filterChain.doFilter(request,response);
}
}
Класс конфигурации
package com.crmsystem.backend.CRM.System.config;
import com.crmsystem.backend.CRM.System.filter.JwtAuthFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
public class SecurityConfig {
@Autowired
private JwtAuthFilter jwtAuthFilter;
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception
{
http.csrf(AbstractHttpConfigurer::disable).authorizeHttpRequests((request) -> request.requestMatchers("/create-token","/register").permitAll()
.anyRequest().authenticated());
http.sessionManagement((session)->session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
http.authenticationProvider(authenticationProvider());
http.addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class);
//http.httpBasic((Customizer.withDefaults()));
//http.formLogin(Customizer.withDefaults());
//http.headers((headers)->headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin));
return http.build();
}
@Bean
public UserDetailsService userDetailsService() {
//Create User using inBuilt UserDetails Class
// UserDetails user1 = User.withUsername("user1")
// .password(passwordEncoder().encode("$2a$10$OK.lOSLZn0HXeq7VoCRkBeuypTifSfVIvc6B2Go6Zxp2c9Fc/nUGe"))
// .roles("USER")
// .build();
//
// UserDetails user2 = User.withUsername("user2")
// .password(passwordEncoder().encode("$2a$10$qEtlZo9lakqVHRXcuJeENul4nkhE.tDmB1FjxrjvPaBUw3S/9bsue"))
// .roles("ADMIN")
// .build();
//Fetch the user's info from database
return new UserInfoUserDetailsService();
}
@Bean
public PasswordEncoder passwordEncoder()
{
return new BCryptPasswordEncoder();
}
@Bean
public AuthenticationProvider authenticationProvider()
{
DaoAuthenticationProvider daoAuthenticationProvider=new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService());
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder());
return daoAuthenticationProvider;
}
@Bean
public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception
{
return authenticationConfiguration.getAuthenticationManager();
}
@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
return (web) -> web.debug(true);
}
@Bean
public StrictHttpFirewall allowUrlEncodedSlashHttpFirewall() {
StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowUrlEncodedSlash(true);
return firewall;
}
}
Класс контроллера
package com.crmsystem.backend.CRM.System.controller;
import com.crmsystem.backend.CRM.System.filter.JwtService;
import com.crmsystem.backend.CRM.System.Services.UserService;
import com.crmsystem.backend.CRM.System.dto.AuthRequest;
import com.crmsystem.backend.CRM.System.entities.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.util.*;
@Controller
public class UserController {
@Autowired
private UserService userService;
@Autowired
private JwtService jwtService;
@Autowired
private AuthenticationManager authenticationManager;
@PostMapping("/register")
public ResponseEntity register(@RequestBody List users) {
if (users.isEmpty()) {
return ResponseEntity.status(HttpStatus.BAD_REQUEST).build();
}
List registeredUsers = new ArrayList();
for (User user : users) {
registeredUsers.add(userService.registerUsers(user));
}
return ResponseEntity.ok(registeredUsers);
}
@PostMapping("/user-login")
@PreAuthorize("hasRole('ROLE_USER')")
public ResponseEntity login(@RequestBody Map credentials) {
if(!credentials.containsKey("username") || !credentials.containsKey("password"))
{
return ResponseEntity.status((HttpStatus.BAD_REQUEST)).build();
}
String username = credentials.get("username");
String password = credentials.get("password");
User loggedInUser = userService.loginUser(username, password);
return ResponseEntity.ok(loggedInUser);
}
@GetMapping("/getAllUser")
@PreAuthorize("hasRole('ROLE_ADMIN')")
public ResponseEntity getAllUser()
{
List users=userService.getAllUser();
if(users.isEmpty())
{
return ResponseEntity.status((HttpStatus.BAD_REQUEST)).build();
}
return ResponseEntity.ok(users);
}
@GetMapping("/getUserById/{userId}")
@PreAuthorize("hasRole('USER')")
public ResponseEntity getUserByUserId(@PathVariable long userId)
{
Optional user=userService.getUserById(userId);
if(user.isEmpty())
{
return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
}
return ResponseEntity.ok(user);
}
@PostMapping("/create-token")
public String authenticateAndGetToken(@RequestBody AuthRequest authRequest)
{
Authentication authentication=authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(authRequest.getUsername(),authRequest.getPassword()));
if(authentication.isAuthenticated())
{
return jwtService.generateToken(authRequest.getUsername());
}
else {
throw new UsernameNotFoundException("invalid user request");
}
}
}
Подробнее здесь: [url]https://stackoverflow.com/questions/78699655/getting-403-error-code-in-postman-while-generating-jwt-token-in-spring-boot-usin[/url]
Ответить
1 сообщение
• Страница 1 из 1
Перейти
- Кемерово-IT
- ↳ Javascript
- ↳ C#
- ↳ JAVA
- ↳ Elasticsearch aggregation
- ↳ Python
- ↳ Php
- ↳ Android
- ↳ Html
- ↳ Jquery
- ↳ C++
- ↳ IOS
- ↳ CSS
- ↳ Excel
- ↳ Linux
- ↳ Apache
- ↳ MySql
- Детский мир
- Для души
- ↳ Музыкальные инструменты даром
- ↳ Печатная продукция даром
- Внешняя красота и здоровье
- ↳ Одежда и обувь для взрослых даром
- ↳ Товары для здоровья
- ↳ Физкультура и спорт
- Техника - даром!
- ↳ Автомобилистам
- ↳ Компьютерная техника
- ↳ Плиты: газовые и электрические
- ↳ Холодильники
- ↳ Стиральные машины
- ↳ Телевизоры
- ↳ Телефоны, смартфоны, плашеты
- ↳ Швейные машинки
- ↳ Прочая электроника и техника
- ↳ Фототехника
- Ремонт и интерьер
- ↳ Стройматериалы, инструмент
- ↳ Мебель и предметы интерьера даром
- ↳ Cантехника
- Другие темы
- ↳ Разное даром
- ↳ Давай меняться!
- ↳ Отдам\возьму за копеечку
- ↳ Работа и подработка в Кемерове
- ↳ Давай с тобой поговорим...
