我在内存中设置用户的简单登录配置方面遇到问题。我每次都找回错误的凭据。
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//auth.userDetailsService(userDetailsService);
auth.
inMemoryAuthentication()
.withUser("user").password("123").roles("USER")
.and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/location")
.hasAnyRole("ADMIN","USER")
.and()
.formLogin()
.and()
.csrf()
.disable();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
我做错了什么?
最佳答案
这个答案提供了完整的working sample和 unit tests .
让我们稍微简化一下事情。如果您使用 formLogin()
,您所要做的就是指定一个 UserDetailsBean
并且您可以为其附带一个编码器:
@Bean
public PasswordEncoder passwordEncoder(){
return PasswordEncoderFactories.createDelegatingPasswordEncoder();
}
@Bean
public UserDetailsService userDetailsService() {
return new InMemoryUserDetailsManager(
builder()
.passwordEncoder(input -> passwordEncoder().encode(input))
.username("user")
.password("123")
.roles("USER")
.build(),
builder()
.passwordEncoder(input -> passwordEncoder().encode(input))
.username("admin")
.password("password")
.roles("USER", "ADMIN")
.build()
);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
//application security
.authorizeRequests()
.mvcMatchers("/non-secure/**").permitAll()
.anyRequest().fullyAuthenticated()
.and()
.formLogin()
;
// @formatter:on
}
非常欢迎您下载示例并运行unit tests在您的 IDE 中
现在这不是首选方式,因为您的代码中有明文密码。您可以将其替换为已有 passwords encrypted 的经理。 .
@Bean
public UserDetailsService userDetailsService() {
return new InMemoryUserDetailsManager(
builder()
.username("user")
.password("{bcrypt}$2a$10$C8c78G3SRJpy268vInPUFu.3lcNHG9SaNAPdSaIOy.1TJIio0cmTK")
.roles("USER")
.build(),
builder()
.username("admin")
.password("{bcrypt}$2a$10$XvWhl0acx2D2hvpOPd/rPuPA48nQGxOFom1NqhxNN9ST1p9lla3bG")
.roles("USER", "ADMIN")
.build()
);
}
关于java - Spring Security & inMemoryAuthentication() & 错误凭证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54153998/