堆栈内存溢出
  简体   繁体   English

Spring安全性和JPA配置

[英]Spring security & JPA configuration

 原文  2015-08-24 20:25:07       java/ spring/ spring-mvc/ jpa/ spring-security

问题描述

I have problem with configuration Spring Security and JPA (Spring DATA). 配置Spring Security和JPA(Spring DATA)时遇到问题。 I have some application where "/admin" is secured by "ADMIN" role. 我有一些应用程序,其中“/ admin”由“ADMIN”角色担保。 When i use inMemoryAuthentication it works as i want: 当我使用inMemoryAuthentication时,它可以正常工作: 

auth.inMemoryAuthentication().withUser("admin1").password("admin1").roles("ADMIN");
auth.inMemoryAuthentication().withUser("user1").password("user1").roles("USER");

but when I use JPA and UserDetailsService implementation i have 404 Access denied error on the "/admin" page. 但是当我使用JPA和UserDetailsS​​ervice实现时,我在“/ admin”页面上有404 Access denied错误。

SpringSecurity configuration: SpringSecurity配置: 

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CustomUserDetailsService customUserDetailsService;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .antMatchers("/admin/**")
            .access("hasRole('ADMIN')")
        .and()
            .formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/j_spring_security_check")
                .failureUrl("/login?error")
                .usernameParameter("email")
                .passwordParameter("password")
        .and()
            .logout()
                .logoutUrl("/j_spring_security_logout")
                .logoutSuccessUrl("/login?logout")
        .and()
            .exceptionHandling()
            .accessDeniedPage("/403")
        .and()
            .csrf();

}

@Bean
public PasswordEncoder passwordEncoder() {
    PasswordEncoder encoder = new BCryptPasswordEncoder();
    return encoder;
}

} }

CustomUserDetailsService.class: CustomUserDetailsS​​ervice.class: 

@Service
public class CustomUserDetailsService implements UserDetailsService {

private UserService userService;

@Autowired
public CustomUserDetailsService(UserService userService) {
    super();
    this.userService = userService;
}

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    User user = userService.findUserByUsername(username);
    if (user == null) {
        throw new UsernameNotFoundException("UserName " + username + " not found");
    }
    SecurityUser sUser= new SecurityUser(user);
    return sUser;
}

} }

SecurityUser.class: SecurityUser.class: 

public class SecurityUser extends User implements UserDetails {

private static final long serialVersionUID = 1L;

public SecurityUser(User user) {
    this.setId(user.getId());
    this.setEmail(user.getEmail());
    this.setUsername(user.getUsername());
    this.setPassword(user.getPassword());
    this.setRoles(user.getRoles());
}

public Collection<? extends GrantedAuthority> getAuthorities() {
    Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(0);
    Set<Role> userRoles = this.getRoles();
    if (userRoles != null) {
        for (Role role : userRoles) {
            SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role.getName());
            authorities.add(authority);
        }
    }
    System.out.println("Roles: "+authorities.size());
    authorities.stream().forEach(System.out::println);
    System.out.println("==========");
    return authorities;
}

public String getPassword() {
    return super.getPassword();
}

public String getUsername() {
    return super.getUsername();
}

public boolean isAccountNonExpired() {
    return true;
}

public boolean isAccountNonLocked() {
    return true;
}

public boolean isCredentialsNonExpired() {
    return true;
}

public boolean isEnabled() {
    return true;
}

} Database: 数据库: 

INSERT INTO `user` (`ID_USER`, `EMAIL`, `PASSWORD`, `USERNAME`) VALUES (1, 'admin@admin.pl', '$2a$10$bRqlytB7SOVw5Y2P8QFjgucN2hjCfdChUw4o.GAAzkaUbQHPklpE2','admin'), (2, 'user@user.pl', '$2a$10$Ydf6v7TX.SjH7FAoDQUQau2yqlLb1.xSsS/IUClUfgizAhqOVEw2C', 'user');
INSERT INTO `role` (`ID_ROLE`, `ROLE_NAME`) VALUES (1, 'ADMIN');
INSERT INTO `user_role` (`ID_USER`, `ID_ROLE`) VALUES (1, 1);

Github: https://github.com/cinek1992/blog/ Thanks for any help Github: https//github.com/cinek1992/blog/感谢您的帮助

1 个解决方案

解决方案1
 0  2015-10-19 12:09:41

Your not using the userService in spring security configuration. 您没有在spring安全配置中使用userService。 Add this: 添加这个: 

private UserService detailsService;
@Autowired
 public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  auth.userService(detailsService).passwordEncoder(passwordEncoder()); 
 }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将Spring Security与JPA一起使用 - Use Spring Security with JPA Spring Security配置到Java配置 - Spring security configuration to java configuration Spring Security 配置中的 BcryptEncoder 配置 - BcryptEncoder configuration in Spring Security Configuration Spring Security Java配置 - Spring Security Java configuration Spring4安全配置 - Spring4 Security configuration Spring安全性和@Configuration顺序 - Spring security and @Configuration order 春季安全配置问题 - Spring Security Configuration Issue Spring Security:配置错误 - Spring Security : configuration error Spring Security UserDetailsS​​ervice配置 - Spring security UserDetailsService configuration MVC中的Spring安全性配置 - Spring Security Configuration In MVC
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM