0

我有一个 android 客户端试图使用 api 休息服务

弹簧安全配置:

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {

        httpSecurity.csrf().disable()
                .authorizeRequests().antMatchers("/authenticateAPI").permitAll().
                anyRequest().authenticated().and().
                exceptionHandling().authenticationEntryPoint(jwtAuthenticationEntryPoint)
                .and().sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        httpSecurity.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }

从邮递员我得到jwt:

在此处输入图像描述

但是......从Android客户端我在按下登录按钮时卡在build()中


public class ApiClient {
    public static final String BASE_URL = "http://192.168.0.64:8080/";
    private static Retrofit retrofit = null;

    public static Retrofit getClient() {

        if (retrofit == null) {
            Gson gson = new GsonBuilder()
                    .setLenient()
                    .create();

            retrofit = new Retrofit.Builder()
                    .baseUrl(BASE_URL)
                    .addConverterFactory(GsonConverterFactory.create(gson))
                    .build(); // I GET AN ERROR HERE
        }
        return retrofit;
    }
}

API 日志显示来自JwtFilter类的方法doFilterInternal的“JWT 令牌不以 Bearer 关键字开头”


protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        final String requestTokenHeader = request.getHeader("Authorization");

        String username = null;
        String jwtToken = null;

        if (requestTokenHeader != null && requestTokenHeader.startsWith("Bearer ")) {
            jwtToken = requestTokenHeader.substring(7);
            try {
                username = jwtTokenUtil.getUsernameFromToken(jwtToken);
            } catch (IllegalArgumentException e) {
                System.out.println("Unable to get JWT Token for this user");
            } catch (ExpiredJwtException e) {
                System.out.println("JWT Token has been expired"); **************HERE***************
            }
        } else {
            logger.warn("JWT Token do not start with Bearer keyword");
        }

因为 requestTokenHeader 为空,但是当我进行身份验证时我不需要令牌并且系统要求它。

如果设置为 ".authorizeRequests().antMatchers("/authenticateAPI").permitAll()"。

我认为问题出在春季安全设置中,但我看不到它,请帮助我

4

0 回答 0