Spring Security authorization error 404 [closed]

gopyfrb3 posted on 2023-10-20 in Spring

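**Closed.** This question needs debugging details. It is not currently accepting answers.

Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 22 days ago.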
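I sent a Firebase token to Spring Security for validation. When the request is made, it is authorized successfully, but a 404 error is generated, and I don't understand why this happens. See how I make the request in the image below.

From the console messages, you can see that the request was authorized, but an error was generated.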

```
2023-09-26 10:47:46.574  INFO 13013 --- [nio-8080-exec-2] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring DispatcherServlet 'dispatcherServlet'
2023-09-26 10:47:46.574  INFO 13013 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : Initializing Servlet 'dispatcherServlet'
2023-09-26 10:47:46.575  INFO 13013 --- [nio-8080-exec-2] o.s.web.servlet.DispatcherServlet        : Completed initialization in 1 ms
2023-09-26 10:47:46.581 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Securing POST /users/extract-aud
2023-09-26 10:47:46.583 DEBUG 13013 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2023-09-26 10:47:46.584 DEBUG 13013 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2023-09-26 10:47:46.614 DEBUG 13013 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorized filter invocation [POST /users/extract-aud] with attributes [authenticated]
2023-09-26 10:47:46.614 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Secured POST /users/extract-aud
2023-09-26 10:47:46.624 DEBUG 13013 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@403e3460]
2023-09-26 10:47:46.625 DEBUG 13013 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Stored SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]] to HttpSession [org.apache.catalina.session.StandardSessionFacade@403e3460]
2023-09-26 10:47:46.625 DEBUG 13013 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2023-09-26 10:47:46.626 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Securing POST /error
2023-09-26 10:47:46.627 DEBUG 13013 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Retrieved SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2023-09-26 10:47:46.627 DEBUG 13013 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to SecurityContextImpl [Authentication=UsernamePasswordAuthenticationToken [Principal=null, Credentials=[PROTECTED], Authenticated=true, Details=null, Granted Authorities=[]]]
2023-09-26 10:47:46.627 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Secured POST /error
2023-09-26 10:47:46.664 DEBUG 13013 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
```

Can anyone suggest a way to resolve this problem in my Spring Security setup?

```kotlin
import com.auth0.jwt.JWT
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.web.filter.OncePerRequestFilter
import javax.servlet.FilterChain
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

class JwtTokenFilter(private val jwtSecret: String) : OncePerRequestFilter() {

    override fun doFilterInternal(
        request: HttpServletRequest,
        response: HttpServletResponse,
        filterChain: FilterChain
    ) {
        val token = extractToken(request)
        if (token != null) {
            try {
                // NOTE: JWT.decode() only parses the token. It does not verify the
                // signature or expiry, and jwtSecret is never used in this filter.
                val audClaim = JWT.decode(token).getClaim("aud").asString()
                if (audClaim == "878452355642-fhjstsrsbbldkodudhhtmn0876.apps.googleusercontent.com") {
                    // Three-argument constructor: the token is created as authenticated,
                    // with a null principal and no authorities (matches the log output).
                    val authentication = UsernamePasswordAuthenticationToken(null, null, emptyList())
                    SecurityContextHolder.getContext().authentication = authentication
                }
            } catch (e: Exception) {
                println(e)
            }
        }
        // Always continue the chain; unauthenticated requests are rejected later
        // by the authorization rules in SecurityConfig.
        filterChain.doFilter(request, response)
    }

    // Returns the value after "Bearer " in the Authorization header, or null.
    private fun extractToken(request: HttpServletRequest): String? {
        val header = request.getHeader("Authorization")
        if (header != null && header.startsWith("Bearer ")) {
            return header.substring(7)
        }
        return null
    }
}
```



```kotlin
package com.wladimir.bakery.BakeryOurDream.config

import com.auth0.jwt.JWT
import org.springframework.beans.factory.annotation.Value
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.http.HttpStatus
import org.springframework.security.web.authentication.HttpStatusEntryPoint
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

@Configuration
@EnableWebSecurity
class SecurityConfig : WebSecurityConfigurerAdapter() {

    @Value("JKHSDKG0-oNselGYQy6IAGkjxEzI_jiouytyg") // Configure the JWT secret as needed
    private lateinit var jwtSecret: String

    override fun configure(http: HttpSecurity) {
        http.csrf().disable()
            .authorizeRequests()
            .antMatchers("/users/extract-aud").authenticated() // Define the authorization rules as needed
            .and()
            .addFilterBefore(jwtTokenFilter(), UsernamePasswordAuthenticationFilter::class.java)
            .exceptionHandling()
            .authenticationEntryPoint(HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
    }

    @Bean
    fun jwtTokenFilter(): JwtTokenFilter {
        return JwtTokenFilter(jwtSecret)
    }
}
```

zlwx9yxi1#

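The problem has nothing to do with spring security. The security check already succeeded, so spring-security passes the HTTP request to spring-mvc for processing. However, spring-mvc finds that no endpoint has the URL /users/extract-aud, so it returns the HTTP 404 Not Found status code.
So you have to check the spring-mvc related configuration (e.g. @Controller, @RestController, WebMvcConfigurer, @EnableWebMvc, Configuration, etc.) rather than the spring-security configuration.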
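The reading of the log that the answer relies on can be automated. The following is an added example, not code from the question or the answer: it scans Spring Security DEBUG output for the `Securing` / `Secured` pairs that `FilterChainProxy` logs per request and reports whether each request passed the filter chain and was then re-dispatched to `/error`. The function name `triage`, the verdict strings and the sample lines (constructed in the question's log format) are assumptions.

```python
import re

# Constructed sample lines in the log format shown in the question.
SAMPLE_LOG = """\
2023-09-26 10:47:46.581 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Securing POST /users/extract-aud
2023-09-26 10:47:46.614 DEBUG 13013 --- [nio-8080-exec-2] o.s.s.w.a.i.FilterSecurityInterceptor    : Authorized filter invocation [POST /users/extract-aud] with attributes [authenticated]
2023-09-26 10:47:46.614 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Secured POST /users/extract-aud
2023-09-26 10:47:46.626 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Securing POST /error
2023-09-26 10:47:46.627 DEBUG 13013 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy        : Secured POST /error
2023-09-26 10:47:47.100 DEBUG 13013 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Securing GET /orders
2023-09-26 10:47:47.102 DEBUG 13013 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy        : Secured GET /orders
2023-09-26 10:47:47.300 DEBUG 13013 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy        : Securing GET /admin
"""

# [thread] logger : Securing|Secured METHOD /path
LINE = re.compile(
    r"\[(?P<thread>[^\]]+)\]\s+\S+\s+: (?P<verb>Securing|Secured) (?P<req>[A-Z]+ \S+)$"
)

def triage(log_text):
    """Return [(request, verdict)] for each non-/error request, in log order."""
    results = []   # [request, verdict], one entry per original request
    current = {}   # thread name -> index of that thread's latest request
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        thread, verb, req = m["thread"], m["verb"], m["req"]
        is_error = req.split(" ", 1)[1] == "/error"
        if verb == "Securing" and not is_error:
            # Until "Secured" appears, the request has not left the filter chain.
            results.append([req, "stopped-in-filter-chain"])
            current[thread] = len(results) - 1
        elif verb == "Secured" and not is_error and thread in current:
            results[current[thread]][1] = "passed-security"
        elif verb == "Securing" and is_error and thread in current:
            # An /error dispatch after a passed request means the failure
            # happened downstream of Spring Security (e.g. no handler mapping).
            entry = results[current[thread]]
            if entry[1] == "passed-security":
                entry[1] = "passed-security-then-error-dispatch"
    return [tuple(r) for r in results]
```

A `passed-security-then-error-dispatch` verdict, as for `POST /users/extract-aud` here, points at the handler mapping or controller rather than the security configuration.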
