bfwg / springboot-jwt-starter
A Spring Boot JWT starter kit for stateless and token-based authentication apps.
Home Page: https://jwt.fanjin.io
License: MIT License
I use Postman to test the backend part right now. If I didn't authenticate, it returns 403, which is correct. But once I submit the POST request with the login username and password and get back the token, and then call /whoami, it will still return a response to me without verifying whether the header contains the JWT token or not.
In my understanding, for every request that needs privilege, like trying to get the response from /whoami, it needs to authenticate first, get the JWT token, and then verify the token in the header?
Tests for:
Unable to upload a file. Can you add multipart uploading using REST APIs?
Using multipart/form-data from Postman I got an error like:
Could not parse multipart servlet request; nested exception is java.io.IOException: org.apache.tomcat.util.http.fileupload.FileUploadException: the request was rejected because no multipart boundary was found
localhost:8080/auth/refresh
Got the below response:
{
  "access_token": null,
  "expires_in": null
}
Hi,
Could you please update the starter to Angular 4, which is largely different from Angular 1.x? Thanks.
Hi,
When I launch this HTTP request with Postman, the REST API works perfectly.
http://localhost:8080/auth/login
POST
json application
{"username":"user","password":"123"}
But when I try the same action from the Angular application, it returns a 404 error.
I have studied this: having the REST API at http://localhost:8080 and the frontend at http://localhost:4200 causes a problem with CORS (cross-origin) when the call is from a browser.
You have solved this in the Angular starter JWT kit by using a proxy, but this is a solution for dev mode, not for production mode.
The REST API (Spring Boot source code) should have CORS enabled.
I have done this in AuthenticationController.java:
@CrossOrigin(origins = "http://localhost:4200")
@RequestMapping(value = "/login", method = RequestMethod.POST)
And in angular.component.ts:
import { Component, OnInit } from '@angular/core';
import { HttpClient, HttpHeaders } from "@angular/common/http";

@Component({
  selector: 'app-root',
  templateUrl: './app.component.html',
  styleUrls: ['./app.component.css']
})
export class AppComponent implements OnInit {
  title = 'app';
  results = '';

  constructor(private http: HttpClient) {
  }

  ngOnInit(): void {
    let body = {"username":"user","password":"123"};
    //let options = { headers: new HttpHeaders({ 'Content-Type': 'application/json' }) };
    this.http.post('http:/localhost:8080/auth/login', body)
      .subscribe(data => {
        console.log(data);
      });
  }
}
But it does not work, can you help me?
Thanks so much!!
Xavier.
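One way to enable CORS on the Spring side for the dev and production setup described in the post above, as an added example that is not code from the project or from the poster. The class name `CorsConfig` and the property `app.cors.allowed-origins` are hypothetical, and the example assumes the token travels in the `Authorization` header rather than in a cookie.

```java
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class CorsConfig { // hypothetical class name

    // Hypothetical property holding a comma-separated allowlist, for example
    // http://localhost:4200 in dev and the deployed front-end origin in production.
    @Value("${app.cors.allowed-origins}")
    private String[] allowedOrigins;

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        // Fail at startup instead of silently serving every origin.
        for (String origin : allowedOrigins) {
            if ("*".equals(origin.trim())) {
                throw new IllegalStateException("Wildcard CORS origin is not allowed");
            }
        }

        CorsConfiguration config = new CorsConfiguration();
        config.setAllowedOrigins(Arrays.asList(allowedOrigins));
        config.setAllowedMethods(Arrays.asList("GET", "POST", "OPTIONS"));
        // The browser must be allowed to send the JWT header and a JSON body.
        config.setAllowedHeaders(Arrays.asList("Authorization", "Content-Type"));
        // Assumption: header-based tokens, so cross-origin cookies stay off.
        config.setAllowCredentials(false);
        config.setMaxAge(3600L); // cache the preflight result for one hour

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        return source;
    }
}
```

With Spring Security on the classpath, the security configuration also has to call `http.cors()` so that the preflight `OPTIONS` request is answered before the authentication rules run.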
Upgraded into Spring Boot 3.3.0 version 🫸🌀✏️📗 🐧🐳⬆
I override the SimpleUrlAuthenticationFailureHandler onAuthenticationFailure method, but it doesn't work.
@Component
public class AuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                "认证失败啦");
        // super.onAuthenticationFailure(request, response, exception);
    }
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable().authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers(HttpMethod.POST, "/login").permitAll()
            .antMatchers("/test").permitAll()
            .anyRequest().authenticated()
            .and()
            .addFilterBefore(new LoginFilter("/login", authenticationManager()),
                    UsernamePasswordAuthenticationFilter.class)
            .addFilterBefore(new AuthenticationFilter(),
                    UsernamePasswordAuthenticationFilter.class)
            .formLogin()
            .failureHandler(authenticationFailureHandler);
}
As a user, I want to be able to extend my SSO.
Implement an endpoint that extends the TTL of the JWT when the JWT is valid.
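The header check asked about in the /whoami question and the TTL extension requested above come down to the same step: parse and verify the token from the `Authorization` header, and only then act on it. The following is an added example, not the project's own code; it uses the jjwt 0.7.0 API that appears in the pom.xml on this page, and the class name, method names, secret and lifetime are hypothetical.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.Optional;

public class TokenRefreshExample { // hypothetical class name
    // Constructed demo values; a real service loads the key from configuration.
    private static final byte[] SECRET =
            "constructed-demo-secret-change-me".getBytes(StandardCharsets.UTF_8);
    private static final long TTL_MS = 10 * 60 * 1000L;

    static String issue(String subject, Date now) {
        return Jwts.builder()
                .setSubject(subject)
                .setIssuedAt(now)
                .setExpiration(new Date(now.getTime() + TTL_MS))
                .signWith(SignatureAlgorithm.HS256, SECRET)
                .compact();
    }

    /** Returns a fresh token only when the header carries a valid, unexpired JWT. */
    static Optional<String> refresh(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
            return Optional.empty(); // no token presented: the caller should answer 401
        }
        try {
            // parseClaimsJws verifies the signature and rejects expired tokens.
            Claims claims = Jwts.parser()
                    .setSigningKey(SECRET)
                    .parseClaimsJws(authorizationHeader.substring("Bearer ".length()))
                    .getBody();
            return Optional.of(issue(claims.getSubject(), new Date()));
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty(); // tampered, malformed or expired
        }
    }

    public static void main(String[] args) {
        String valid = issue("user", new Date());
        String expired = issue("user", new Date(System.currentTimeMillis() - 2 * TTL_MS));
        System.out.println("valid token refreshed:    " + refresh("Bearer " + valid).isPresent());
        System.out.println("expired token refreshed:  " + refresh("Bearer " + expired).isPresent());
        System.out.println("missing header refreshed: " + refresh(null).isPresent());
        System.out.println("tampered token refreshed: " + refresh("Bearer " + valid + "x").isPresent());
    }
}
```

A deployment would usually also cap the total session age, for example by carrying the original issue time forward, so that a token cannot be renewed indefinitely.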
When I click login, there is no response, and there is no message in the Chrome console either. No request was sent to the backend. The following is my pom.xml.
4.0.0
<groupId>com.example</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>springboot-security-jwt</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.2.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.webjars.bower</groupId>
<artifactId>angular</artifactId>
<version>1.6.4</version>
</dependency>
<dependency>
<groupId>org.webjars.bower</groupId>
<artifactId>angular-cookies</artifactId>
<version>1.6.4</version>
</dependency>
<dependency>
<groupId>org.webjars.bower</groupId>
<artifactId>angular-route</artifactId>
<version>1.6.4</version>
</dependency>
<dependency>
<groupId>org.webjars</groupId>
<artifactId>bootstrap</artifactId>
<version>3.3.7</version>
</dependency>
<dependency>
<groupId>org.webjars.bower</groupId>
<artifactId>jquery</artifactId>
<version>1.11.1</version>
</dependency>
<dependency>
<groupId>org.webjars.bower</groupId>
<artifactId>material-design-lite</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>io.rest-assured</groupId>
<artifactId>spring-mock-mvc</artifactId>
<version>3.0.0</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
Can I add the Jackson dependency, as it is not compiling?
I am new to Security, and this issue is confusing me.
TestController
@RestController
public class Test {
    @GetMapping("/test")
    public ResponseEntity<String> test() {
        System.out.println("Response body: " + "hello");
        return ResponseEntity.ok(" hello ");
    }
}
My console is not printing any statements. What should I do next to solve this?
SecurityConfig
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig {
    public static final String[] EXCLUDE_PATH = {
            "/webjars/**",
            "/favicon.ico",
            "/captcha",
            "/user/login",
            "/user/logout",
            "/test"
    };

    @Autowired
    private CustomAuthenticationEntryPoint customAuthenticationEntryPoint;

    @Autowired
    private UserDetailsService customUserDetailsService;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService)
                .passwordEncoder(passwordEncoder());
    }

    @Bean
    public AuthenticationManager authenticationManagerBean(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.cors().and()
                .csrf().disable()
                .exceptionHandling().authenticationEntryPoint(customAuthenticationEntryPoint).and()
                .authorizeRequests()
                .antMatchers(EXCLUDE_PATH).permitAll()
                .anyRequest().authenticated()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        ;
        return http.build();
    }

    @Bean
    WebSecurityCustomizer webSecurityCustomizer() {
        return webSecurity -> {
            webSecurity.ignoring().antMatchers(EXCLUDE_PATH);
        };
    }
}
You need to change the java.version property in pom.xml to your local Java version, then run mvn install again.
There is a class "TokenBasedAuthentication" that extends AbstractAuthenticationToken, and "AnonAuthentication" also extends AbstractAuthenticationToken. What is the difference between the two? Why are 2 classes that extend AbstractAuthenticationToken needed? Is it for Anonymous?
Hi, how does it work with Java 10 or 11?