我在配置 Spring Security 和 JPA (Spring DATA) 时遇到问题。我有一些应用程序,其中“/admin”由“ADMIN”角色保护。 当我使用 inMemoryAuthentication 时,它会按我想要的方式工作:
auth.inMemoryAuthentication().withUser("admin1").password("admin1").roles("ADMIN");
auth.inMemoryAuthentication().withUser("user1").password("user1").roles("USER");
但是当我使用 JPA 和 UserDetailsService 实现时,我在“/admin”页面上出现 404 访问被拒绝错误。
SpringSecurity配置:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService customUserDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**")
.access("hasRole('ADMIN')")
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/login?error")
.usernameParameter("email")
.passwordParameter("password")
.and()
.logout()
.logoutUrl("/j_spring_security_logout")
.logoutSuccessUrl("/login?logout")
.and()
.exceptionHandling()
.accessDeniedPage("/403")
.and()
.csrf();
}
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
CustomUserDetailsService.class:
@Service
public class CustomUserDetailsService implements UserDetailsService {
private UserService userService;
@Autowired
public CustomUserDetailsService(UserService userService) {
super();
this.userService = userService;
}
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userService.findUserByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("UserName " + username + " not found");
}
SecurityUser sUser= new SecurityUser(user);
return sUser;
}
}
SecurityUser.class:
public class SecurityUser extends User implements UserDetails {
private static final long serialVersionUID = 1L;
public SecurityUser(User user) {
this.setId(user.getId());
this.setEmail(user.getEmail());
this.setUsername(user.getUsername());
this.setPassword(user.getPassword());
this.setRoles(user.getRoles());
}
public Collection<? extends GrantedAuthority> getAuthorities() {
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(0);
Set<Role> userRoles = this.getRoles();
if (userRoles != null) {
for (Role role : userRoles) {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role.getName());
authorities.add(authority);
}
}
System.out.println("Roles: "+authorities.size());
authorities.stream().forEach(System.out::println);
System.out.println("==========");
return authorities;
}
public String getPassword() {
return super.getPassword();
}
public String getUsername() {
return super.getUsername();
}
public boolean isAccountNonExpired() {
return true;
}
public boolean isAccountNonLocked() {
return true;
}
public boolean isCredentialsNonExpired() {
return true;
}
public boolean isEnabled() {
return true;
}
} 数据库:
INSERT INTO `user` (`ID_USER`, `EMAIL`, `PASSWORD`, `USERNAME`) VALUES (1, 'admin@admin.pl', '$2a$10$bRqlytB7SOVw5Y2P8QFjgucN2hjCfdChUw4o.GAAzkaUbQHPklpE2','admin'), (2, 'user@user.pl', '$2a$10$Ydf6v7TX.SjH7FAoDQUQau2yqlLb1.xSsS/IUClUfgizAhqOVEw2C', 'user');
INSERT INTO `role` (`ID_ROLE`, `ROLE_NAME`) VALUES (1, 'ADMIN');
INSERT INTO `user_role` (`ID_USER`, `ID_ROLE`) VALUES (1, 1);
Github: https://github.com/cinek1992/blog/ 感谢您的帮助
最佳答案
您没有在 Spring Security 配置中使用 userService 。添加此:
private UserService detailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userService(detailsService).passwordEncoder(passwordEncoder());
}
关于java - Spring安全和JPA配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32191136/