我有一个带有 MySQL 的 Spring Boot 应用程序。我可以将用户保存在数据库中,但当我尝试登录时,它一直说用户名或密码不正确。即使我对用户进行硬编码,它仍然不起作用。
我使用 JavaBrains tutorial 创建了设置以及他们的代码GitHub .
这是我正在使用的代码。
安全配置:
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests(authorize -> authorize
.antMatchers("/static/**", "/index").permitAll()
.antMatchers("/premium/**").hasAuthority("PREMIUM")
.antMatchers("/user/**").hasAuthority("USER")
)
.formLogin(formLogin -> formLogin
.loginPage("/login")
.failureUrl("/login-error")
);
}
@Bean
public PasswordEncoder getPasswordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
我的用户详细信息服务
public class MyUserDetailsService implements UserDetailsService {
@Autowired
UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Optional<User> user = userRepository.findByUsername(username);
user.orElseThrow(() -> new UsernameNotFoundException("Can't find user " + username));
return user.map(MyUserDetails::new).get();
}
}
我的用户详细信息
public class MyUserDetails implements UserDetails {
private String username;
private String password;
private boolean isEnabled;
private List<GrantedAuthority> authorities;
public MyUserDetails(User user) {
this.username = user.getUsername();
this.password = user.getPassword();
this.isEnabled = user.isEnabled();
this.authorities = Arrays.stream(user.getAuthorities().split(","))
.map(SimpleGrantedAuthority::new).collect(Collectors.toList());
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return isEnabled;
}
}
我的用户存储库
@Repository
public interface UserRepository extends JpaRepository<User, Long> {
Optional<User> findByUsername(String username);
}
用户
@Entity(name="Users")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private long id;
private String username;
private String password;
@Transient
private String passwordConfirm;
private boolean isEnabled;
private String authorities;
private String isPremium;
private LocalDateTime premiumExpiryDate;
// getters and setters
}
登录页面上的登录表单
<p th:if="${loginError}" class="error">Wrong user or password</p>
<form th:action="@{/login}" method="post" class="login100-form validate-form p-l-55 p-r-55 p-t-178">
<span class="login100-form-title">
Sign In
</span>
<div class="wrap-input100 validate-input m-b-16" data-validate="Please enter username">
<input class="input100" type="text" name="username" placeholder="Username">
<span class="focus-input100"></span>
</div>
<div class="wrap-input100 validate-input" data-validate = "Please enter password">
<input class="input100" type="password" name="password" placeholder="Password">
<span class="focus-input100"></span>
</div>
<div class="text-right p-t-13 p-b-23">
<span class="txt1">
Forgot
</span>
<a href="#" class="txt2">
Username / Password?
</a>
</div>
<div class="container-login100-form-btn">
<button class="login100-form-btn">
Sign in
</button>
</div>
</form>
我没有登录的 POST 映射,因为它应该由 Spring security 提供。但是我怀疑问题一定出在某个地方,因为我在 UserDetails 和 UserDetailsService 中有日志语句,但这些语句都没有被调用。
你能帮我找出问题所在吗?
最佳答案
我明白了。有两个问题。
系统使用默认
inMemoryUserDetailsManager
而不是我的 UserDetailsService 实现。我不知道如何关闭 inMemoryUserDetailsManager,但我找到了如何使用我的实现。您需要使用 @Service("userDetailsService") 注解该服务
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
...
第二个问题是用户。他们需要将“enabled”值设置为 true。如果设置为 false,Spring 会认为它们处于非 Activity 状态。
public void saveUser(User user) {
user.setAuthorities("USER");
user.setEnabled(true);
...
现在它对我有用。
关于java - 无法使用 Spring Boot Security 登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61710593/