背景,jHipster自動生成的springBoot和angularJs前后台端分離的項目。java后台為了取到當前登錄者的信息,所以后台開放了
MicroserviceSecurityConfiguration.java 這個類的注解
//開放前 #@Configuration #@EnableWebSecurity #@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class MicroserviceSecurityConfiguration extends WebSecurityConfigurerAdapter { private final TokenProvider tokenProvider; public MicroserviceSecurityConfiguration(TokenProvider tokenProvider) { this.tokenProvider = tokenProvider; } @Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers(HttpMethod.OPTIONS, "/**") .antMatchers("/app/**/*.{js,html}") .antMatchers("/bower_components/**") .antMatchers("/i18n/**") .antMatchers("/content/**") .antMatchers("/swagger-ui/index.html") .antMatchers("/test/**") .antMatchers("/h2-console/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .headers() .frameOptions() .disable() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .authorizeRequests() .antMatchers("/api/**").authenticated() .antMatchers("/management/health").permitAll() .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/swagger-resources/configuration/ui").permitAll() .and() .apply(securityConfigurerAdapter()); } private JWTConfigurer securityConfigurerAdapter() { return new JWTConfigurer(tokenProvider); } @Bean public SecurityEvaluationContextExtension securityEvaluationContextExtension() { return new SecurityEvaluationContextExtension(); } }
//開放后 package com.famessoft.oplus.cac.config; import com.famessoft.oplus.cac.security.AuthoritiesConstants; import com.famessoft.oplus.cac.security.jwt.JWTConfigurer; import com.famessoft.oplus.cac.security.jwt.TokenProvider; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension; @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class MicroserviceSecurityConfiguration extends WebSecurityConfigurerAdapter { private final TokenProvider tokenProvider; public MicroserviceSecurityConfiguration(TokenProvider tokenProvider) {//開放注解后,這里會報,could not autowire,no beans of 'TokenProvider' type found.不用管這個錯,這個錯不影響程運行 this.tokenProvider = tokenProvider; } @Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers(HttpMethod.OPTIONS, "/**") .antMatchers("/app/**/*.{js,html}") .antMatchers("/bower_components/**") .antMatchers("/i18n/**") .antMatchers("/content/**") .antMatchers("/swagger-ui/index.html") .antMatchers("/test/**") .antMatchers("/h2-console/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .headers() .frameOptions() .disable() .and() .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS) .and() .authorizeRequests() .antMatchers("/api/**").authenticated() .antMatchers("/management/health").permitAll() .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN) .antMatchers("/swagger-resources/configuration/ui").permitAll() .and() .apply(securityConfigurerAdapter()); } private JWTConfigurer securityConfigurerAdapter() { return new JWTConfigurer(tokenProvider); } @Bean public SecurityEvaluationContextExtension securityEvaluationContextExtension() { return new SecurityEvaluationContextExtension(); } }
然后使用
SecurityUtils.getCurrentUserLogin()獲取系統當前登錄者信息
我在本地測試沒問題。但是打包放到生產就報下面這個錯,很郁悶,找了一下午才找到原因
c.f.o.cac.security.jwt.TokenProvider : Invalid JWT signature.
原來是我生產的配置文件配的不對
application-dev.yml
jhipster:
http:
version: V_1_1 # To use HTTP/2 you will need SSL support (see above the "server.ssl" configuration)
cache: # Cache configuration
hazelcast: # Hazelcast distributed cache
time-to-live-seconds: 3600
backup-count: 1
# CORS is disabled by default on microservices, as you should access them through a gateway.
# If you want to enable it, please uncomment the configuration below.
cors:
allowed-origins: "*"
allowed-methods: "*"
allowed-headers: "*"
# exposed-headers: "Authorization"
# allow-credentials: true
max-age: 1800
security:
authentication:
jwt:
secret: my-secret-token-to-change-in-production
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000
application-prod.yml
jhipster: http: version: V_1_1 # To use HTTP/2 you will need SSL support (see above the "server.ssl" configuration) cache: # Used by the CachingHttpHeadersFilter timeToLiveInDays: 1461 cache: # Cache configuration hazelcast: # Hazelcast distributed cache time-to-live-seconds: 3600 backup-count: 1 # CORS is disabled by default on microservices, as you should access them through a gateway. # If you want to enable it, please uncomment the configuration below. cors: allowed-origins: "*" allowed-methods: "*" allowed-headers: "*" # exposed-headers: "Authorization" # allow-credentials: true max-age: 1800 security: authentication: jwt: # secret: e2d66542649f38de03a5443a6bddd1ce18f0fe13 #####這是改之前的代碼,后台不認識這串字符串,所以secret的命名前后最后一致(默認就是my-secret-token-to-change-in-production), 這里最后命名為字符常規可讀的字符串,不需要加密
secret: my-secret-token-to-change-in-production
# Token is valid 24 hours
token-validity-in-seconds: 86400
token-validity-in-seconds-for-remember-me: 2592000