我正试图通过 Postman 访问我的api。在配置中,我已经设置/验证为允许的,但我总是得到401未经授权。
相关职能:
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity
// dont authenticate this particular request
.authorizeRequests().antMatchers("/authenticate").permitAll().
// all other requests need to be authenticated
anyRequest().authenticated().and().
// make sure we use stateless session; session won't be used to
// store user's state.
exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint).and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// Add a filter to validate the tokens with every request
httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
}我的依赖关系
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
<artifactId>postgresql</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.3.1.RELEASE</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.9.1</version>
</dependency>
</dependencies>任何帮助都将不胜感激
1条答案
按热度按时间oalqel3c1#
这里的问题是,即使您将Spring Security 配置为允许每个用户使用,您的请求也将通过与其他请求相同的安全链。我猜您对身份验证端点的调用在授权头中不包含任何内容,或者换句话说,您的令牌是空的,因此您得到的是401。在这种情况下,一种解决方案是对Spring Security 说,对于用于身份验证的url,请求不会通过安全链。您可以在spring安全配置中使用以下代码来实现这一点。
我希望这能解决你的问题。