带有安全配置和JWTauthenticationFilter

问题描述 投票:0回答:1
@Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .csrf(csrf -> csrf.disable()) .authorizeHttpRequests(auth -> auth .requestMatchers("/api/users/user/register").permitAll() .requestMatchers("/api/users/user/login").permitAll() .requestMatchers("/api/users/user/refresh-token").permitAll() .requestMatchers("/api/users/user/change-password").permitAll() .anyRequest().authenticated() ) .sessionManagement(session -> session .sessionCreationPolicy(SessionCreationPolicy.STATELESS) ) .authenticationProvider(authenticationProvider) .addFilterBefore(rateLimitingFilter, UsernamePasswordAuthenticationFilter.class) .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class); return http.build(); }

@Component @RequiredArgsConstructor public class JwtAuthenticationFilter extends OncePerRequestFilter { private final JwtService jwtService; private final UserDetailsService userDetailsService; .... @Override protected boolean shouldNotFilter(HttpServletRequest request) { String path = request.getServletPath(); return path.equals("/api/users/user/register") || path.equals("/api/users/user/login") || path.equals("/api/users/user/refresh-token") || path.equals("/api/users/user/change-password"); } } 
,尽管我在NoteFilter()中都排除了/api/user/user/refresh-toke,但是当我向此端点提出请求时,仍将应用jwtauthentication filter。

可能导致此问题是什么?
    

	


我通过更改解决了这个问题


String path = request.getServletPath(); 



java

spring-boot

authentication

filter

spring-security


1个回答




    
    
    

        

            

                

                    
0
投票

                    
                

            

        

        
to


String path = request.getRequestURI();

    

	



    

    


  

  

    
最新问题


  





  

    © www.soinside.com 2019 - 2025. All rights reserved.