Jhipster token签名异常——c.f.o.cac.security.jwt.TokenProvider : Invalid JWT signature.

  背景,jHipster自动生成的springBoot和angularJs前后台端分离的项目。java后台为了取到当前登录者的信息,所以后台开放了

MicroserviceSecurityConfiguration.java 这个类的注解
//开放前
#@Configuration
#@EnableWebSecurity
#@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MicroserviceSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final TokenProvider tokenProvider;

    public MicroserviceSecurityConfiguration(TokenProvider tokenProvider) {
        this.tokenProvider = tokenProvider;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/bower_components/**")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**")
            .antMatchers("/h2-console/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
            .disable()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/swagger-resources/configuration/ui").permitAll()
        .and()
            .apply(securityConfigurerAdapter());
    }

    private JWTConfigurer securityConfigurerAdapter() {
        return new JWTConfigurer(tokenProvider);
    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}
//开放后
package com.famessoft.oplus.cac.config;

import com.famessoft.oplus.cac.security.AuthoritiesConstants;
import com.famessoft.oplus.cac.security.jwt.JWTConfigurer;
import com.famessoft.oplus.cac.security.jwt.TokenProvider;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MicroserviceSecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final TokenProvider tokenProvider;

    public MicroserviceSecurityConfiguration(TokenProvider tokenProvider) {//开放注解后,这里会报,could not autowire,no beans of 'TokenProvider' type found.不用管这个错,这个错不影响程运行
        this.tokenProvider = tokenProvider;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/bower_components/**")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**")
            .antMatchers("/h2-console/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf()
            .disable()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/swagger-resources/configuration/ui").permitAll()
        .and()
            .apply(securityConfigurerAdapter());
    }

    private JWTConfigurer securityConfigurerAdapter() {
        return new JWTConfigurer(tokenProvider);
    }

    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}

然后使用

SecurityUtils.getCurrentUserLogin()获取系统当前登录者信息


我在本地测试没问题。但是打包放到生产就报下面这个错,很郁闷,找了一下午才找到原因

  c.f.o.cac.security.jwt.TokenProvider     : Invalid JWT signature.

 原来是我生产的配置文件配的不对

application-dev.yml

jhipster:
    http:
        version: V_1_1 # To use HTTP/2 you will need SSL support (see above the "server.ssl" configuration)
    cache: # Cache configuration
        hazelcast: # Hazelcast distributed cache
            time-to-live-seconds: 3600
            backup-count: 1
    # CORS is disabled by default on microservices, as you should access them through a gateway.
    # If you want to enable it, please uncomment the configuration below.
    cors:
        allowed-origins: "*"
        allowed-methods: "*"
        allowed-headers: "*"
        # exposed-headers: "Authorization"
        # allow-credentials: true
        max-age: 1800
    security:
        authentication:
            jwt:
                secret: my-secret-token-to-change-in-production
                # Token is valid 24 hours
                token-validity-in-seconds: 86400
                token-validity-in-seconds-for-remember-me: 2592000

application-prod.yml

jhipster:
    http:
        version: V_1_1 # To use HTTP/2 you will need SSL support (see above the "server.ssl" configuration)
        cache: # Used by the CachingHttpHeadersFilter
            timeToLiveInDays: 1461
    cache: # Cache configuration
        hazelcast: # Hazelcast distributed cache
            time-to-live-seconds: 3600
            backup-count: 1
    # CORS is disabled by default on microservices, as you should access them through a gateway.
    # If you want to enable it, please uncomment the configuration below.
    cors:
        allowed-origins: "*"
        allowed-methods: "*"
        allowed-headers: "*"
        # exposed-headers: "Authorization"
        # allow-credentials: true
        max-age: 1800
    security:
        authentication:
            jwt:
                # secret: e2d66542649f38de03a5443a6bddd1ce18f0fe13          #####这是改之前的代码,后台不认识这串字符串,所以secret的命名前后最后一致(默认就是my-secret-token-to-change-in-production), 这里最后命名为字符常规可读的字符串,不需要加密
          secret: my-secret-token-to-change-in-production 
          # Token is valid 24 hours
          token-validity-in-seconds: 86400
          token-validity-in-seconds-for-remember-me: 2592000

 

posted @ 2018-06-25 09:28  zouminglan  阅读(1562)  评论(0编辑  收藏  举报