我是第一次尝试 spring security,但出于某种原因,我编写的身份验证机制没有触发 -
使用的技术 - Spring 4.2.1、spring-security、jetty container、jersey 和 couchbase DB
安全配置.java -
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses={UserRepository.class, MyUserDetailService.class})
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
// For later
//
// http.authorizeRequests().antMatchers("/*")
// .access("hasRole('ROLE_ADMIN')");
}
@Bean
public PasswordEncoder passwordEncoder(){
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
SecurityWebAppInitializer.java -
public class SecurityWebApplicationInitializer
extends AbstractSecurityWebApplicationInitializer {
public SecurityWebApplicationInitializer() {
super(SecurityConfig.class);
}
}
UserDetailService.java -
@Service("userDetailsService")
public class MyUserDetailService extends BaseServiceImpl<com.scoolboard.rest.entity.User, String> implements UserDetailsService {
@Autowired
private UserRepository userRepository;
protected UserRepository getRepository() {
return userRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
com.scoolboard.rest.entity.User user = getRepository().findByUserEmail(username);
List<GrantedAuthority> authorities = buildUserAuthority(new HashSet<UserRole>(user.getUserRole()));
return buildUserForAuthentication(user, authorities);
}
// Converts com.mkyong.users.model.User user to
// org.springframework.security.core.userdetails.User
private User buildUserForAuthentication(com.scoolboard.rest.entity.User user,
List<GrantedAuthority> authorities) {
return new User(user.getEmail(), user.getPassword(),
user.isEnabled(), true, true, true, authorities);
}
private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
// Build user's authorities
for (UserRole userRole : userRoles) {
setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
}
List<GrantedAuthority> result = new ArrayList<GrantedAuthority>(setAuths);
return result;
}
}
我在这里错过了什么。
最佳答案
我通过在 web.xml 中显式放置一个过滤器链来让它工作,就像这样 -
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>springSecurityFilterChain</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我认为 SecurityWebApplicationInitializer 类会处理它(根据 spring security 引用)。我真的是 Spring 和 spring-security 的新手,如果有人能解释为什么它不起作用,那就太好了。
关于java - Spring 安全认证不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32671418/