我有一个应用程序在本地 8100 中运行,我的服务器端代码在 8065 中执行,它已将 Spring Security
实现为 Java 配置。当我从 8100 ionic 浏览器窗口输入登录服务器代码时。我得到的原则对象数据只有字符串作为anonymousUser
。
我在服务器端代码中打印了 Authentication
和 Principle
数据。下面粘贴代码。
对于身份验证
身份验证 auth = SecurityContextHolder.getContext().getAuthentication()
auth
数据是,
org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc:主体:anonymousUser;凭证:[ protected ];已验证:真实;详细信息:org.springframework.security.web.authentication.WebAuthenticationDetails@b364:RemoteIpAddress:0:0:0:0:0:0:0:1; session ID:空;授予权限:ROLE_ANONYMOUS
对于getPrincipal
对象主体 = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
主要
数据
anonymousUser
这个字符串只有它有。下面我粘贴了我的安全配置 java 类代码。
安全配置 Java 类
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
DataSource dataSource;
@Autowired
private SecurityUserService userDetailsService;
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/user/createsocialuser");
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
ExceptionMappingAuthenticationFailureHandler loginFailureHandler = new ExceptionMappingAuthenticationFailureHandler();
loginFailureHandler.setDefaultFailureUrl("/login/loginFailure");
http
.authorizeRequests()
.regexMatchers("/login.*").permitAll()
.regexMatchers("/admin.*").hasRole("ADMIN")
.regexMatchers("/user.*").hasRole("USER")
.and()
.formLogin()
.usernameParameter("j_username")
.passwordParameter("j_password")
.loginProcessingUrl("/j_spring_security_check")
.defaultSuccessUrl("/login/loginSuccess")
.permitAll()
.failureHandler(loginFailureHandler)
.permitAll().and().logout().permitAll()
.and().exceptionHandling()
.accessDeniedPage("/accessDenied/403").and().csrf().disable();
}
}
登录 Html
<form class="form-horizontal" name="loginform" data-ng-submit="doLogin(loginform,userDetails)">
<label for="username">Username:</label>
<input type="text" class="form-control" ng-model="$parent.login.email" id="j_username" placeholder="Enter username" name="j_username" >
<label for="password">Password:</label>
<input type="password" class="form-control" ng-model="$parent.login.password" id="j_password" placeholder="Enter password" type="password" name="j_password">
<div class="alert alert-danger" id="loginerror" role="alert">
invalid usermame or password
</div><br/>
<button type="submit" class="btn btn-default submit">Si in</button>
</form>
登录Js
$scope.doLogin = function(loginform,userDetails) {
if (loginform.$valid) {
console.log('$parent.login.email',angular.toJson(self.login.email));
console.log('$parent.login.password',angular.toJson(self.login.password));
var loc = 'http://localhost:8080/Test_10030';
$http.post(loc+'/j_spring_security_check?j_username='+self.login.email+'&j_password='+self.login.password)
.success(function(data){
console.log('Server data =>',angular.toJson(data));
if(data.responseError == "loginFailed"){
alert("user name pasword incorrect")
console.error('Server data =>');
$log.log("Error login Credentials: ",JSON.stringify(data));
$location.url('login');
}
if(data.responseSuccess == "success"){
if(data.result != null){
var serverData = data.result;
console.warn('Server data =>',angular.toJson(serverData));
$rootScope.userData= serverData;
$location.url('/home');
}
}
}).error(function(data){
//callback
console.log('Error Some Internal server Error',data);
});
} else {
$log.log("form is invalid!");
if (self.isNewUser) {
loginform["username"].$dirty = true;
loginform["usrtel"].$dirty = true;
}
loginform["email"].$dirty = true;
loginform["password"].$dirty = true;
}
};
登录 Controller Java
@RestController
@RequestMapping("/login")
public class LoginController {
@RequestMapping(value="/loginSuccess",method = RequestMethod.GET)
public ResponseWrapper create(Principal principle) {
System.out.println("-------***************----------------");
try {
System.out.println("principle data=>"+principle)// NULL POINTER EXCEPTION
System.out.println("-------sucess********----------------");
ResponseWrapper wrap = new ResponseWrapper();
Object principal = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
System.err.println("Principal dara=>"+principal);
wrap.setResult(principle);
wrap.setResponseSuccess("success");
return wrap;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
}
UserDetail类
@Service
@Transactional
public class SecurityUserService implements IUserService {
@Autowired
private SecurityUserDao gpuser_Dao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("............" + username);
GpUser user = gpuser_Dao.findUser(username);
UserDetails userDetails = null;
String rol = null;
if (user == null) {
throw new UsernameNotFoundException("No User found");
} else {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
// Access DB and get the roles and assign
Object obj = user.getAuthorities();
System.out.println("obje data=>" + obj.toString());
grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
userDetails = new User(user.getUsername(), user.getPassword(), true, true, true, true, grantedAuthorities);
/** ADDING ROLES-Creating authentication object with roles **/
Authentication authentication = new UserAuthenticationToken(user, userDetails,
userDetails.getAuthorities());
// Set the authentication
SecurityContextHolder.getContext().setAuthentication(authentication);
}
Object principal = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
return userDetails;
}
}
BootSecurityUserDao.java
@Repository
@Transactional
public class BootSecurityUserDao implements IUserDao {
@PersistenceContext
private EntityManager entityManager;
@SuppressWarnings("unchecked")
public GUser findUser(String username){
try{
String login = "select * from guser where username=:username";
Query result = entityManager.createNativeQuery(login,GUser.class)
.setParameter("username", username);
List<GUser> list = result.getResultList();
System.out.println("size of user list : " + list.size());
if (list.size() > 0) {
GUser user_from_db = list.get(0);
return user_from_db;
}
}catch(DataAccessException e) {
e.printStackTrace();
}
return null;
}
}
在我的安全java配置类中是否有为特定角色添加任何其他代码,例如anonymousUser
或ROLE_ANONYMOUS
。我为 \login
相关的 URLS
添加了 permitAll()
。或者 Spring Security 本身有任何代码可以解决这个问题,就像我有一个困惑一样。
最佳答案
可能是您的数据库角色分配不正确。做一件事,验证用户,然后自己分配角色,如下所示。
AssignRoles.java
public class AssignRoles implements UserDetailsService {
Public Principal principalObject;
//getter setter
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
//Access DB and get the roles and assign
grantedAuthorities.add( new SimpleGrantedAuthority("Role_User"));
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
UserDetails userDetails = new User(userName,password,enabled,accountNonExpired, credentialsNonExpired,accountNonLocked,grantedAuthorities);
/**ADDING ROLES-Creating authentication object with roles**/
Authentication authentication = new UserAuthenticationToken(principalObject, userDetails, userDetails.getAuthorities());
//Set the authentication
SecurityContextHolder.getContext().setAuthentication(authentication); //Authentication is assigned,Now check security context user will have roles
return userDetails;
}
}
UserAuthenticationToken.java
public class UserAuthenticationToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = 1L;
private final Object principal;
private Object credentials;
/**Store the principal object(you can store any object like userbean anything) as principal,userdetails as credentials and authorities in Authentication object**/
public UserAuthenticationToken(Object principal, Object credentials,
Collection<? extends GrantedAuthority> authorities) {
super(authorities);
this.principal = principal;
this.credentials = credentials;
super.setAuthenticated(true);
}
public Object getCredentials() {
return this.credentials;
}
public Object getPrincipal() {
return this.principal;
}
}
LoginController.java
public ResponseWrapper create(Principal principle) {
try {
ResponseWrapper wrap = new ResponseWrapper();
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
/**ADD THIS**/
AssignRoles assignROles = new AssignRoles();
assignRoles.setPrincipalObject(principal);
assignRoles.loadUserByUsername(SecurityContextHolder.getContext().getAuthentication().getName()) //send username
SecurityContextHolder.getContext().getAuthentication().getAuthorities() //It will print assigned roles
return wrap;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
更新:
将您的 UserDetail.class
修改为
@Service
@Transactional
public class BootUserService implements IUserService {
@Autowired
private BootSecurityUserDao gpuser_Dao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("............"+username);
GUser gUser = gpuser_Dao.findUser(username);
UserDetails userDetails = null;
if (gUser== null) {
throw new UsernameNotFoundException("No User found");
} else {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
//Access DB and get the roles and assign
grantedAuthorities.add( new SimpleGrantedAuthority(gUser.getAuthority())); //If not fetched fetch from db and assign
//you can add any number of roles like
/** grantedAuthorities.add( new SimpleGrantedAuthority("RoleJustAsString")); **/
userDetails = new User(userName,password,enabled,accountNonExpired, credentialsNonExpired,accountNonLocked,grantedAuthorities);
/**ADDING ROLES-Creating authentication object with roles**/
Authentication authentication = new UserAuthenticationToken(gUser, userDetails, userDetails.getAuthorities());
//Set the authentication
SecurityContextHolder.getContext().setAuthentication(authentication);
}
System.out.println("-=--------------user----"+user.toString());
return userDetails;
}
}
删除AssignRoles.java
并保留UserAuthenticationToken
类。
关于java - 访问不同端口中的 spring security,获取字符串形式的原理数据 'anonymousUser',我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39362559/