我在 pom.xml 中添加了 spring-security-starter。之后,我得到了一个登录屏幕,我在其中添加了
Username =user
password= Autogenerated password by spring security
至此登录成功。但是,当我在 application.properties 文件中添加这些属性时:
spring.security.user.name=ashwin
spring.security.user.password=ashwin
然后当我运行该项目时,当我尝试使用这些用户名=ashwin 和密码=ashwin 登录时,它拒绝我并向我显示错误的凭据。
我打印的控制台是:
2019-08-17 10:16:02.470 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : Starting SpringSecurityDemoApplication on Ashwin with PID 16036 (E:\sp-brains\spring-security-demo\target\classes started by AshwinPC in E:\sp-brains\spring-security-demo)
2019-08-17 10:16:02.492 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : No active profile set, falling back to default profiles: default
2019-08-17 10:16:15.394 INFO 16036 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2019-08-17 10:16:15.600 INFO 16036 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2019-08-17 10:16:15.601 INFO 16036 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.22]
2019-08-17 10:16:16.524 INFO 16036 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2019-08-17 10:16:16.524 INFO 16036 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 13042 ms
2019-08-17 10:16:18.007 INFO 16036 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2019-08-17 10:16:20.530 INFO 16036 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@5e39850, org.springframework.security.web.context.SecurityContextPersistenceFilter@74fe5966, org.springframework.security.web.header.HeaderWriterFilter@6c37bd27, org.springframework.security.web.csrf.CsrfFilter@6b587673, org.springframework.security.web.authentication.logout.LogoutFilter@49aa766b, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@27fde870, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@1542af63, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@1603dc2f, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4e4c3a38, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@677b8e13, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@58cec85b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@398474a2, org.springframework.security.web.session.SessionManagementFilter@30331109, org.springframework.security.web.access.ExceptionTranslationFilter@4d0b0fd4, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@2bcec6a6]
2019-08-17 10:16:21.438 INFO 16036 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2019-08-17 10:16:21.480 INFO 16036 --- [ main] c.a.s.s.SpringSecurityDemoApplication : Started SpringSecurityDemoApplication in 20.703 seconds (JVM running for 22.771)
我的主课:
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringSecurityDemoApplication {
public static void main(String[] args) {
SpringApplication.run(SpringSecurityDemoApplication.class, args);
}
}
登录后要进行的测试 Controller :
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class HelloController {
@GetMapping(value = "/")
public String hello(){
return "<h1>Hello World</h1>";
}
}
最佳答案
您可以使用 inMemoryAuthentication 使用 configureGlobal(AuthenticationManagerBuilder auth) 或 UserDetailsService 的 @Bean:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("ashwin").password("{noop}ashwin").roles("ADMIN");
}
//OR
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("ashwin").password("{noop}ashwin").roles("USER").build());
return manager;
}
}
注意:
您也可以简单地将 {noop} 添加到您的密码中,以便 DelegatingPasswordEncoder 使用 NoOpPasswordEncoder 来验证这些密码。请注意 NoOpPasswordEncoder 已被弃用,因为以纯文本格式存储密码不是一个好习惯。
关于java - spring boot 2.1.7 默认登录不成功,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57533311/