我将 Spring Session 与 JDBC 和 Mysql 结合使用。 Spring Security 登录成功,但主体名称为空。
有没有人知道,错误是什么?
文件:
应用程序.yaml:
session:
store-type: jdbc
jdbc:
initialize-schema: always
table-name: SPRING_SESSION
配置:
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@EnableJdbcHttpSession
@EnableJpaRepositories(basePackageClasses = UsersRepository.class)
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.authorizeRequests()
.antMatchers("/*").authenticated().anyRequest().permitAll()
.antMatchers("/sources/*").anonymous().anyRequest().permitAll()
.antMatchers("/public/*").anonymous().anyRequest().permitAll()
.and()
.formLogin().
loginPage("/login").
loginProcessingUrl("/app-login").
usernameParameter("app_username").
passwordParameter("app_password").
permitAll()
.and()
.exceptionHandling().
accessDeniedPage("/error403");
}
@Bean
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
这是数据库表的图片: link
pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>sandbox</groupId>
<artifactId>TestApp</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.0.5.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session</artifactId>
<version>1.0.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-websocket</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
</dependencies>
<properties>
<java.version>1.8</java.version>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<executable>true</executable>
</configuration>
</plugin>
</plugins>
</build>
</project>
2019 年 3 月 18 日更新
我无法更改安全策略。 link
更新
如果我将以下 Bean 添加到我的安全配置中,数据库中的 principal_name 将不再为空。现在有登录用户的用户名。 但是在每次站点重新加载后,都会创建一个新 session ,因此用户不能说已登录。
@Bean
public HttpSessionIdResolver httpSessionIdResolver(){
return new HeaderHttpSessionIdResolver("X-Auth-Token");
}
最佳答案
终于找到问题了。我必须为我的 User 类实现接口(interface) Serializable。现在它工作正常。
关于mysql - JDBC Spring session |委托(delegate)人为空,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55147963/