Spring Boot安全性:JwtAuthentication和OAuth的结合使用

huangapple
未分类评论55阅读模式
英文:

Spring boot security JwtAuthentication and OAuth together

问题

我尝试着让jwtAuthentication在除了"/directory/auth"之外的所有路由上都起作用我需要这个路由使用oauth工作并返回jwt令牌但我无法让它们同时正常工作

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity.csrf().disable()
        .cors().configurationSource(corsConfigurationSource());
        /// 路由"/authenticate"是我的jwtAuthentication,"/directory/auth"是我的oauth
    httpSecurity.authorizeRequests()
        .antMatchers("/authenticate",
                    "/directory/auth").permitAll()
        .anyRequest().authenticated().and()
        .exceptionHandling()
        .authenticationEntryPoint(jwtAuthenticationEntryPoint)
        .and().sessionManagement()
        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
        // 尝试在一个路由上设置oauth
        .authorizeRequests()
        .antMatchers("/directory/auth").authenticated().and()
        .oauth2Login()
        .userInfoEndpoint()
        .oidcUserService(oidcUserService);

    // 其他过滤器
    httpSecurity.addFilterBefore(decryptInterceptor, UsernamePasswordAuthenticationFilter.class);
    httpSecurity.addFilterAfter(encryptInterceptor, UsernamePasswordAuthenticationFilter.class);
    httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}

希望对您有所帮助。

英文:

i was trying that jwtAuthentication works on all routes except one "/directory/auth" this one i need that works with oauth and return a jwt token but i cant get that both work together

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
		    httpSecurity.csrf().disable()
			.cors().configurationSource(corsConfigurationSource());
            /// the route "/authenticate" is my jwtAuthentication and "/directory/auth" is my oauth 		
    	    httpSecurity.authorizeRequests()
    	    .antMatchers("/authenticate",
                    "/directory/auth").permitAll().
			    anyRequest().authenticated().and()
    	    .exceptionHandling()
    	    .authenticationEntryPoint(jwtAuthenticationEntryPoint)
    	    .and().sessionManagement()
		.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
		.and()
        // trying to set oauth on one route
		.authorizeRequests()
		.antMatchers("/directory/auth").authenticated().and()			
		.oauth2Login()
		.userInfoEndpoint()
		.oidcUserService(oidcUserService);
		
    //others filters
	httpSecurity.addFilterBefore(decryptInterceptor, UsernamePasswordAuthenticationFilter.class);
	httpSecurity.addFilterAfter(encryptInterceptor, UsernamePasswordAuthenticationFilter.class);
	httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
     
}

}

Thanks

huangapple
  • 本文由 发表于 2020年5月30日 05:35:21
  • 转载请务必保留本文链接:https://java.coder-hub.com/62094905.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定