[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"question-spring-kak-nastroit-autentifikatsiyu-na-osnove-jwt-v-spring-security":3},{"id":4,"slug":5,"topicId":6,"topicSlug":7,"topicName":8,"topicEmoji":9,"question":10,"answer":11,"codeLang":12,"codeSrc":12,"important":12,"commonMistakes":12,"modernUsage":12,"difficulty":13,"tags":14,"related":15,"progress":16,"seo":17},650,"kak-nastroit-autentifikatsiyu-na-osnove-jwt-v-spring-security",14,"spring","Spring","🌱","Как настроить аутентификацию на основе JWT в Spring Security?","JWT (JSON Web Token) -- компактный самодостаточный формат токена для аутентификации в REST API. Структура: `HEADER.PAYLOAD.SIGNATURE`.\n\n\u003Cdetails>\n\u003Csummary>JwtTokenProvider -- генерация и валидация токенов\u003C\u002Fsummary>\n\n```java\n@Component\npublic class JwtTokenProvider {\n\n    @Value(\"${jwt.secret}\")\n    private String secret;\n\n    @Value(\"${jwt.expiration-ms}\")\n    private long expirationMs;\n\n    private SecretKey getSigningKey() {\n        return Keys.hmacShaKeyFor(Decoders.BASE64.decode(secret));\n    }\n\n    public String generateToken(UserDetails userDetails) {\n        Map\u003CString, Object> claims = new HashMap\u003C>();\n        claims.put(\"roles\", userDetails.getAuthorities().stream()\n                .map(GrantedAuthority::getAuthority).collect(Collectors.toList()));\n        return Jwts.builder()\n                .claims(claims)\n                .subject(userDetails.getUsername())\n                .issuedAt(new Date())\n                .expiration(new Date(System.currentTimeMillis() + expirationMs))\n                .signWith(getSigningKey())\n                .compact();\n    }\n\n    public String getUsernameFromToken(String token) {\n        return Jwts.parser().verifyWith(getSigningKey()).build()\n                .parseSignedClaims(token).getPayload().getSubject();\n    }\n\n    public boolean validateToken(String token) {\n        try {\n            
Jwts.parser().verifyWith(getSigningKey()).build().parseSignedClaims(token);\n            return true;\n        } catch (JwtException | IllegalArgumentException e) {\n            return false;\n        }\n    }\n}\n```\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>JwtAuthenticationFilter\u003C\u002Fsummary>\n\n```java\n@Component\npublic class JwtAuthenticationFilter extends OncePerRequestFilter {\n\n    @Autowired private JwtTokenProvider tokenProvider;\n    @Autowired private UserDetailsService userDetailsService;\n\n    @Override\n    protected void doFilterInternal(HttpServletRequest request,\n                                     HttpServletResponse response,\n                                     FilterChain filterChain) throws ServletException, IOException {\n        String token = extractToken(request);\n        if (token != null && tokenProvider.validateToken(token)) {\n            String username = tokenProvider.getUsernameFromToken(token);\n            UserDetails userDetails = userDetailsService.loadUserByUsername(username);\n            UsernamePasswordAuthenticationToken authentication =\n                    new UsernamePasswordAuthenticationToken(\n                            userDetails, null, userDetails.getAuthorities());\n            SecurityContextHolder.getContext().setAuthentication(authentication);\n        }\n        filterChain.doFilter(request, response);\n    }\n\n    private String extractToken(HttpServletRequest request) {\n        String header = request.getHeader(\"Authorization\");\n        if (header != null && header.startsWith(\"Bearer \")) {\n            return header.substring(7);\n        }\n        return null;\n    }\n}\n```\n\n\u003C\u002Fdetails>\n\n### Контроллер аутентификации\n\n```java\n@RestController\n@RequestMapping(\"\u002Fapi\u002Fauth\")\npublic class AuthController {\n    @PostMapping(\"\u002Flogin\")\n    public ResponseEntity\u003CAuthResponse> login(@RequestBody @Valid LoginRequest request) {\n        
Authentication auth = authenticationManager.authenticate(\n                new UsernamePasswordAuthenticationToken(request.getUsername(), request.getPassword()));\n        String token = tokenProvider.generateToken((UserDetails) auth.getPrincipal());\n        return ResponseEntity.ok(new AuthResponse(token));\n    }\n}\n```\n\n> **На собеседовании:** покажите понимание полного flow: логин -> генерация токена -> фильтр извлекает и проверяет токен -> установка SecurityContext. Частые ошибки -- хранить JWT-секрет в коде, делать слишком долгий TTL access-токена (рекомендуется 15-30 минут), не обрабатывать истечение токена (500 вместо 401). Обратите внимание на детали приведённого кода: ключ для `Keys.hmacShaKeyFor` должен быть не короче 256 бит, иначе библиотека отклонит его как слабый; `validateToken` перехватывает все `JwtException`, поэтому просроченный или подделанный токен просто не устанавливает аутентификацию, но `loadUserByUsername` в фильтре не обёрнут в try/catch -- если пользователь удалён после выдачи токена, `UsernameNotFoundException` приведёт к 500, а не к 401. Фильтр намеренно не доверяет claim `roles` из токена и заново загружает права через `UserDetailsService` -- это лишний запрос на каждый вызов, зато отзыв прав вступает в силу сразу. Конфигурация `SecurityFilterChain` в листинге не показана: фильтр должен быть зарегистрирован через `addFilterBefore(..., UsernamePasswordAuthenticationFilter.class)`, а сессии -- переведены в `SessionCreationPolicy.STATELESS`.","","senior",[7],[],null,{"title":18,"description":19,"ogTitle":18,"ogDescription":20,"keywords":21,"schemaAnswer":19,"featuredSnippetReady":22},"Как настроить аутентификацию на основе JWT в Spring Security — Gymterview","JWT (JSON Web Token) -- компактный самодостаточный формат токена для аутентификации в REST API. Структура: `HEADER.PAYLOAD.SIGNATURE`.","JWT (JSON Web Token) -- компактный самодостаточный формат токена для аутентификации в REST API. Структура: `HEADER.PAYLO",[7,13],true]