dongwei4096
2015-12-15 10:46
浏览 162
已采纳

使用laravel 5.1和jwt使用cookie进行身份验证

I'm setting up a laravel app (v5.1) with jwt auth (https://github.com/tymondesigns/jwt-auth). Got a boilerplate from this project: https://github.com/francescomalatesta/laravel-api-boilerplate-jwt . This way I want to be able to authenticate different apps in the future.

My problem is that I'm trying to create some protected pages in the same project, but I'm currently unable to stop users without the cookie (not authenticated). To "protect" the access I have the following values in my $routeMiddleware (in Kernel.php):

'csrf' => \csd\Http\Middleware\VerifyCsrfToken::class,
'auth' => \csd\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \csd\Http\Middleware\RedirectIfAuthenticated::class,
'jwt.refresh' => \Tymon\JWTAuth\Middleware\RefreshToken::class

I also tried to add 'jwt.auth' => \Tymon\JWTAuth\Middleware\GetUserFromToken::class to this array, but nothing changed.

How can I block users from accessing my pages while using this jwt-auth?

Thanks in advance.

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douzhi9921 2015-12-15 10:51
    已采纳

    To apply it on all routes, you must put it in the $middleware, not the $routeMiddleware property on the Http kernel (app/Http/Kernel.php).

    Alternatively, when using it with the $routeMiddleware, you must reference explicitly it in your route definition; something like this:

    Route::group(['middleware'=>'jwt.auth'], function($router){
        $router->resource('protected-resource', 'SecretSauceController');
    });
    
    已采纳该答案
    打赏 评论

相关推荐 更多相似问题