我遇到的问题是this tutorial .
我的问题是我总是遇到这样的问题:我的用户从数据库中读出,但我没有得到身份验证。在 View 上,它始终显示错误消息“无效的用户名或密码”。我的控制台输出显示没有错误。当我通过身份验证过程进行调试时,没有出现错误可能来自的不清楚的行为。
在我的 pom.xml 中,我使用了以下依赖项。
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
</dependencies>
我的 CustomUserDetailsService.java 看起来像这样。
@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {
private final UserRepository userRepository;
private final UserRolesRepository userRolesRepository;
@Autowired
public CustomUserDetailsService(UserRepository userRepository,
UserRolesRepository userRolesRepository) {
this.userRepository = userRepository;
this.userRolesRepository = userRolesRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUserName(username);
if (user == null) {
throw new UsernameNotFoundException("No user present with username " + username);
}
else {
List<String> userRoles = userRolesRepository.findRoleByUserName(username);
return new CustomUserDetails(user, userRoles);
}
}
}
CustomUserDetails.java
public class CustomUserDetails extends User implements UserDetails {
private static final long serialVersionUID = 1L;
private List<String> userRoles;
public CustomUserDetails(User user, List<String> userRoles) {
super(user);
this.userRoles = userRoles;
}
@Override
public Collection< ? extends GrantedAuthority> getAuthorities() {
String roles = StringUtils.collectionToCommaDelimitedString(userRoles);
return AuthorityUtils.commaSeparatedStringToAuthorityList(roles);
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
}
WebSecurityConfig.java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordencoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/home", "/images/**", "/css/**", "/js/**", "/loadEvents")
.permitAll().anyRequest().authenticated().and().formLogin().loginPage("/login")
.permitAll().and().logout().permitAll();
}
@Bean(name = "passwordEncoder")
public PasswordEncoder passwordencoder() {
return new BCryptPasswordEncoder();
}
}
正如我之前提到的,我不认为错误发生在数据库上。我使用了教程中的数据库方案。我还使用了 User.java UserRole.java 和教程中的两个存储库。
我的Application.java看起来像这样。
@SpringBootApplication
@EnableJpaRepositories(basePackages = "<package>")
@EntityScan(basePackages = "<package>")
public class Application {
public static void main(String[] args) throws Throwable {
SpringApplication.run(Application.class, args);
}
}
更新 1:Git 项目链接 https://github.com/pStuetz/Speeddating4SO/tree/master
您可能需要编辑 src/main/resources/application.properties 以支持您的数据库。我包含了用于创建数据库表的 sql 脚本。
最佳答案
我通过添加此行在 application.properties 中启用了跟踪日志记录
logging.level.=TRACE
并看到错误消息
org.springframework.security.authentication.LockedException: User account is locked
在控制台中。
您的自定义用户详细信息类de.dhbw.stuttgart.speeddating.userhandling.service.impl.CustomUserDetails从方法“isAccountNonExpired”返回“false” strong>”、“isAccountNonLocked”和“isCredentialsNonExpired”。我想这些方法应该返回类 de.dhbw.stuttgart.speeddating.userhandling.service.User 中的属性“enabled”的值。
将所有这些“false”更改为“true”后,登录过程开始按预期工作。
关于mysql - Spring Boot、Spring Security、MySQL - CustomUserDetailsService 始终导致错误 "Invalid Username or Password",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/41916457/