C
Size: a a a
C
AL
url
- /api/v1/common
. Но спринг все равно пытается провести авторизацию через фильтр. http.authorizeRequests()
.requestMatchers(PUBLIC_URLS)
.permitAll();
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.addFilterBefore(this.jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.requestMatchers(PROTECTED_URLS)
.authenticated();
AL
public void configure(WebSecurity web)
не помогает тоже. Не понимаю в чем беда.k
k
AL
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.addFilterBefore(this.jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.requestMatchers(PROTECTED_URLS)
.authenticated()
.and()
.authorizeRequests()
.requestMatchers(PUBLIC_URLS)
.permitAll();
k
AL
new OrRequestMatcher(
new AntPathRequestMatcher("/"),
new AntPathRequestMatcher("/index"),
new AntPathRequestMatcher("/public/**"),
new AntPathRequestMatcher("/static/**"),
new AntPathRequestMatcher("/webjars/**"),
new AntPathRequestMatcher("/index.html"),
new AntPathRequestMatcher("/resource/**"),
new AntPathRequestMatcher("/favicon.ico"),
new AntPathRequestMatcher("/actuator/**"),
new AntPathRequestMatcher("/h2-console/**"),
new AntPathRequestMatcher("/v2/api-docs"),
new AntPathRequestMatcher("/v2/api-docs/**"),
new AntPathRequestMatcher("/swagger-resources/**"),
new AntPathRequestMatcher("/swagger-ui.html"),
new AntPathRequestMatcher("/manifest.json"),
new AntPathRequestMatcher("/**/favicon.ico"),
new AntPathRequestMatcher("/api/v1/auth/**"),
new AntPathRequestMatcher("/api/v1/admin/**"),
new AntPathRequestMatcher("/api/v1/common"),
new AntPathRequestMatcher("/api/v1/common/**"),
new AntPathRequestMatcher("/api/v1/confirmation/**"),
new AntPathRequestMatcher("/websocket/**")
);
RS
url
- /api/v1/common
. Но спринг все равно пытается провести авторизацию через фильтр. http.authorizeRequests()
.requestMatchers(PUBLIC_URLS)
.permitAll();
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.addFilterBefore(this.jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.requestMatchers(PROTECTED_URLS)
.authenticated();
authorizeRequests()
вы настраиваете авторизацию, а не аутентификациюRS
RS
Y
url
- /api/v1/common
. Но спринг все равно пытается провести авторизацию через фильтр. http.authorizeRequests()
.requestMatchers(PUBLIC_URLS)
.permitAll();
http
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.exceptionHandling()
.authenticationEntryPoint(this.authenticationEntryPoint)
.and()
.addFilterBefore(this.jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
.authorizeRequests()
.requestMatchers(PROTECTED_URLS)
.authenticated();
RS
AL
AL
RS
AL
@Component
@RequiredArgsConstructor
public class JwtRequestFilter extends OncePerRequestFilter {
private final UserPrincipalServiceImpl userDetailsService;
private final AuthenticationConfiguration authenticationConfiguration;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
String token = this.authenticationConfiguration.resolveToken(request);
if (this.authenticationConfiguration.validateToken(token)&& SecurityContextHolder.getContext().getAuthentication() == null) {
Claims tokenBody = this.authenticationConfiguration.getTokenBody(token);
UserDetails userDetails = this.userDetailsService.loadUserByUsername(tokenBody.get("email", String.class));
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
chain.doFilter(request, response);
}
}
AL
.addFilterBefore(this.jwtRequestFilter, UsernamePasswordAuthenticationFilter.class)
RS