我在 Spring Security 中遇到注册权限问题
我无法注册方法
我尝试设置对每个路径的访问权限,但没有帮助
Controller
@RestController
public class UserController {
private UserService userService;
public UserController(UserService userService) {
this.userService = userService;
}
@PostMapping("/register")
public Long register(@RequestBody User user){
return userService.register(user);
}
}
安全配置
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder getPasswordEncoder() {
return new BCryptPasswordEncoder();
}
private UserDetailsServiceImpl userDetailsService;
public SecurityConfig(UserDetailsServiceImpl userDetailsService) {
this.userDetailsService = userDetailsService;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
http.headers().disable();
http.authorizeRequests().
antMatchers("/").permitAll()
.antMatchers("/register").permitAll();
}
}
用户服务
@Service
public class UserService {
private UserRepository userRepository;
private PasswordEncoder passwordEncoder;
public UserService(UserRepository userRepository, PasswordEncoder passwordEncoder) {
this.userRepository = userRepository;
this.passwordEncoder = passwordEncoder;
}
public Long register(User user){
user.setPassword(passwordEncoder.encode(user.getPassword()));
userRepository.save(user);
return user.getId();
}
}
用户模型
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import java.util.*;
@Entity
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String userName;
private String lastName;
private String password;
private String role;
public User() {
}
..get and set...
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> listRole = new ArrayList<GrantedAuthority>();
listRole.add(new SimpleGrantedAuthority(role));
return listRole;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return userName;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
错误
java.lang.IllegalArgumentException: A granted authority textual representation is required at org.springframework.util.Assert.hasText(Assert.java:284) ~[spring-core-5.2.4.RELEASE.jar:5.2.4.RELEASE] at org.springframework.security.core.authority.SimpleGrantedAuthority.(SimpleGrantedAuthority.java:38) ~[spring-security-core-5.2.2.RELEASE.jar:5.2.2.RELEASE] at com.xxx.xx.models.User.getAuthorities(User.java:71) ~[classes/:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na] at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
最佳答案
在您的 User 模型类中,确保设置了角色,以便您的 getAuthorities() 方法正常工作。
您收到的错误提示您正在使用“null”角色执行“new SimpleGrantedAuthority”。
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> listRole = new ArrayList<GrantedAuthority>();
listRole.add(new SimpleGrantedAuthority(role)); // this is the problematic line!
return listRole;
}
如果您没有角色,则只需返回一个空列表即可。
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Collections.emptyList();
}
关于java - Spring Security 中需要授权的文本表示,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/60968888/